CompTIA CAS-002 Advanced Security Practitioner Certify Exam Set 5

A firm's Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product's reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO requirements?


Options are :

  • Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews.
  • Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.
  • Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings.
  • Sign a MOU with a marketing firm to preserve the company reputation and use inhouse resources for random testing.

Answer :Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.


A bank is in the process of developing a new mobile application. The mobile client renders content and communicates back to the company servers via REST/JSON calls. The bank wants to ensure that the communication is stateless between the mobile application and the web services gateway. Which of the following controls MUST be implemented to enable stateless communication?


Options are :

  • Generate a one-time key as part of the device registration process.
  • The jsession cookie should be stored securely after authentication.
  • Require SSL between the mobile application and the web services gateway.
  • Authentication assertion should be stored securely on the client.

Answer :Authentication assertion should be stored securely on the client.

Log all traffic coming from the competitor's public IP addresses.


Options are :

  • Implement geo-fencing to track products.
  • Equip each truck with an RFID tag for location services.
  • Install GSM tracking on each product for end-to-end delivery visibility.
  • Require drivers to geo-tag documentation at each delivery location.

Answer :Implement geo-fencing to track products.

ABC Corporation has introduced token-based authentication to system administrators due to the risk of password compromise. The tokens have a set of HMAC counter-based codes and are valid until they are used. Which of the following types of authentication mechanisms does this statement describe?


Options are :

  • HOTP
  • PAP
  • CHAP
  • TOTP

Answer :HOTP


A security manager is looking into the following vendor proposal for a cloud-based SIEM solution. The intention is that the cost of the SIEM solution will be justified by having reduced the number of incidents and therefore saving on the amount spent investigating incidents. Proposal: External cloud-based software as a service subscription costing $5,000 per month. Expected to reduce the number of current incidents per annum by 50%. The company currently has ten security incidents per annum at an average cost of $20,000 per incident. Which of the following is the ROI for this proposal after three years?


Options are :

  • ($30,000)
  • $220,000
  • $280,000
  • $250,000

Answer :($30,000)

Using SSL, an administrator wishes to secure public facing server farms in three subdomains: dc1.east.company.com, dc2.central.company.com, and dc3.west.company.com. Which of the following is the number of wildcard SSL certificates that should be purchased?


Options are :

  • 3
  • 6
  • 0
  • 1

Answer :3

An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the accountant?


Options are :

  • $4,800
  • $24,000
  • $96,000
  • $220,000

Answer :$96,000


A medical device manufacturer has decided to work with another international organization to develop the software for a new robotic surgical platform to be introduced into hospitals within the next 12 months. In order to ensure a competitor does not become aware, management at the medical device manufacturer has decided to keep it secret until formal contracts are signed. Which of the following documents is MOST likely to contain a description of the initial terms and arrangement and is not legally enforceable?


Options are :

  • BPA
  • MOU
  • SLA
  • OLA
  • SOA

Answer :MOU

A bank has decided to outsource some existing IT functions and systems to a third party service provider. The third party service provider will manage the outsourced systems on their own premises and will continue to directly interface with the bank's other systems through dedicated encrypted links. Which of the following is critical to ensure the successful management of system security concerns between the two organizations?


Options are :

  • ISA
  • SOA
  • MOU
  • BIA

Answer :ISA

Company policy requires that all company laptops meet the following baseline requirements:

Software requirements: Antivirus; Anti-malware; Anti-spyware; Log monitoring; Full-disk encryption; Terminal services enabled for RDP; Administrative access for local users

Hardware restrictions: Bluetooth disabled; FireWire disabled; WiFi adapter disabled

Ann, a web developer, reports performance issues with her laptop and is not able to access any network resources. After further investigation, a bootkit was discovered and it was trying to access external websites. Which of the following hardening techniques should be applied to mitigate this specific issue from reoccurring? (Select TWO).


Options are :

  • Group policy to limit web access
  • Restrict/disable USB access
  • Restrict VPN access for all mobile users
  • Remove administrative access to local users
  • Remove full-disk encryption

Answer :Restrict/disable USB access; Remove administrative access to local users


A software developer and IT administrator are focused on implementing security in the organization to protect OSI layer 7. Which of the following security technologies would BEST meet their requirements? (Select TWO).


Options are :

  • NIPS
  • NIDS
  • WAF
  • HSM
  • HIPS

Answer :WAF; HIPS

The finance department for an online shopping website has discovered that a number of customers were able to purchase goods and services without any payments. Further analysis conducted by the security investigations team indicated that the website allowed customers to update a payment amount for shipping. A specially crafted value could be entered and cause a roll over, resulting in the shipping cost being subtracted from the balance and in some instances resulted in a negative balance. As a result, the system processed the negative balance as zero dollars. Which of the following BEST describes the application issue?


Options are :

  • SQL injection
  • Click-jacking
  • Integer overflow
  • Use after free
  • Race condition

Answer :Integer overflow

During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. The audit discovers that 40 percent of the desktops do not meet requirements. Which of the following is the MOST likely cause of the noncompliance?


Options are :

  • The patch management system is causing the devices to be noncompliant after issuing the latest patches.
  • The desktop applications were configured with the default username and password.
  • The devices are being modified and settings are being overridden in production.
  • 40 percent of the devices use full disk encryption.

Answer :The devices are being modified and settings are being overridden in production.


The following has been discovered in an internally developed application:

Error - Memory allocated but not freed:

    char *myBuffer = malloc(BUFFER_SIZE);
    if (myBuffer != NULL) {
        *myBuffer = STRING_WELCOME_MESSAGE;
        printf("Welcome to: %s\n", myBuffer);
    }
    exit(0);

Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO).


Options are :

  • Static code analysis
  • Manual code review
  • Memory dumping
  • Penetration testing
  • Application sandboxing

Answer :Static code analysis; Manual code review

A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B. Company B is not in the same industry as company A and the two are not competitors. Which of the following has MOST likely occurred?


Options are :

  • An employee with administrative access to the virtual guests was able to dump the guest memory onto a mapped disk.
  • A stolen two factor token was used to move data from one virtual guest to another host on the same network segment.
  • Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data.
  • A hypervisor server was left un-patched and an attacker was able to use a resource exhaustion attack to gain unauthorized access.

Answer :Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data.

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various security devices compiled from a report through the company's security information and event management server.

Logs:

Log 1: Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets

Log 2: HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Log 3: Security Error Alert Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client

Log 4:

    Encoder oe = new OracleEncoder ();
    String query = "Select user_id FROM user_data WHERE user_name = " + oe.encode ( req.getParameter("userID") ) + " and user_password = " + oe.encode ( req.getParameter("pwd") ) +" ";

Vulnerabilities: Buffer overflow, SQL injection, ACL, XSS

Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO).


Options are :

  • Log 3
  • Log 2
  • ACL
  • Log 1
  • Buffer overflow

Answer :Log 2; Buffer overflow


VPN users cannot access the active FTP server through the router but can access any server in the data center.

Additional network information:

    DMZ network  - 192.168.5.0/24 (FTP server is 192.168.5.11)
    VPN network  - 192.168.1.0/24
    Datacenter   - 192.168.2.0/24
    User network - 192.168.3.0/24
    HR network   - 192.168.4.0/24

Traffic shaper configuration:

    VLAN      Bandwidth Limit (Mbps)
    VPN       50
    User      175
    HR        250
    Finance   250
    Guest     0

Router ACL:

    Action   Source            Destination
    Permit   192.168.1.0/24    192.168.2.0/24
    Permit   192.168.1.0/24    192.168.3.0/24
    Permit   192.168.1.0/24    192.168.5.0/24
    Permit   192.168.2.0/24    192.168.1.0/24
    Permit   192.168.3.0/24    192.168.1.0/24
    Permit   192.168.5.1/32    192.168.1.0/24
    Deny     192.168.4.0/24    192.168.1.0/24
    Deny     192.168.1.0/24    192.168.4.0/24
    Deny     any               any

Which of the following solutions would allow the users to access the active FTP server?


Options are :

  • Configure the traffic shaper to limit DMZ traffic
  • IPS is blocking traffic and needs to be reconfigured
  • Add a permit statement to allow traffic to 192.168.5.1 from the VPN network
  • Increase bandwidth limit on the VPN network
  • Add a permit statement to allow traffic from 192.168.5.0/24 to the VPN network

Answer :Add a permit statement to allow traffic from 192.168.5.0/24 to the VPN network

During an incident involving the company main database, a team of forensics experts is hired to respond to the breach. The team is in charge of collecting forensics evidence from the company's database server. Which of the following is the correct order in which the forensics team should engage?


Options are :

  • Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement chain of custody.
  • Notify senior management, secure the scene, capture volatile storage, capture non-volatile storage, implement chain of custody, and analyze original media.
  • Implement chain of custody, take inventory, secure the scene, capture volatile and non-volatile storage, and document the findings.
  • Take inventory, secure the scene, capture RAM, capture hard drive, implement chain of custody, document, and analyze the data.

Answer :Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement chain of custody.

The IT director has charged the company helpdesk with sanitizing fixed and removable media. The helpdesk manager has written a new procedure to be followed by the helpdesk staff. This procedure includes the current standard to be used for data sanitization, as well as the location of physical degaussing tools. In which of the following cases should the helpdesk staff use the new procedure? (Select three.)


Options are :

  • When media fails or is unusable
  • Before asset repurposing
  • While deploying new assets
  • While reviewing the risk assessment
  • During asset disposal

Answer :When media fails or is unusable; Before asset repurposing; During asset disposal


Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network based tools to identify such systems for the purpose of disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be used to help the security administrator make an approximate determination of the operating system in use on the local company network? (Select THREE).


Options are :

  • Passive banner grabbing
  • dig host.company.com
  • Nmap
  • 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40) 192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 , win 512, length 0
  • Password cracker

Answer :Passive banner grabbing; Nmap; 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40) 192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 , win 512, length 0

A company has adopted a BYOD program. The company would like to protect confidential information. However, it has been decided that when an employee leaves, the company will not completely wipe the personal device. Which of the following would MOST likely help the company maintain security when employees leave?


Options are :

  • Require cloud storage on corporate servers and disable access upon termination
  • Whitelist access to only non-confidential information
  • Require that devices not have local storage
  • Utilize an MDM solution with containerization

Answer :Utilize an MDM solution with containerization

An employee is performing a review of the organization's security functions and noticed that there is some cross over responsibility between the IT security team and the financial fraud team. Which of the following security documents should be used to clarify the roles and responsibilities between the teams?


Options are :

  • MOU
  • BIA
  • OLA
  • BPA

Answer :MOU


A risk manager has decided to use likelihood and consequence to determine the risk of an event occurring to a company asset. Which of the following is a limitation of this approach to risk management?


Options are :

  • Requires a high degree of upfront work to gather environment details.
  • Allows for cost and benefit analysis.
  • Difficult to differentiate between high, medium, and low risks.
  • Calculations can be extremely complex to manage.
  • Subjective and based on an individual's experience.

Answer :Subjective and based on an individual's experience.

The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a business system at a location which is subject to fires during the year. A risk analyst reports to the risk manager that the asset value of the business system is $220,000 and, based on industry data, the exposure factor to fires is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average every four years. Which of the following is the ALE?


Options are :

  • $96,000
  • $30,000
  • $24,000
  • $6,000

Answer :$6,000

An organization recently upgraded its wireless infrastructure to support 802.1x and requires all clients to use this method. After the upgrade, several critical wireless clients fail to connect because they are only pre-shared key compliant. For the foreseeable future, none of the affected clients have an upgrade path to put them into compliance with the 802.1x requirement. Which of the following provides the MOST secure method of integrating the non-compliant clients into the network?


Options are :

  • Create a separate SSID with a pre-shared key to support the legacy clients and rotate the key at random intervals.
  • Create a separate SSID and pre-shared WPA2 key on a new network segment and only allow required communication paths.
  • Create a separate SSID and require the use of dynamic encryption keys.
  • Create a separate SSID and require the legacy clients to connect to the wireless network using certificate-based 802.1x.

Answer :Create a separate SSID with a pre-shared key to support the legacy clients and rotate the key at random intervals.


After reviewing a company's NAS configuration and file system access logs, the auditor is advising the security administrator to implement additional security controls on the NFS export. The security administrator decides to remove the no_root_squash directive from the export and add the nosuid directive. Which of the following is true about the security controls implemented by the security administrator?


Options are :

  • The newly implemented security controls are in place to ensure that NFS encryption can only be controlled by the root user.
  • Adding the nosuid directive disables regular users from accessing files owned by the root user over NFS even after using the SU command.
  • Users with root access on remote NFS client computers can always use the SU command to modify other user's files on the NAS.
  • Removing the no_root_squash directive grants the root user remote NFS read/write access to important files owned by root on the NAS.

Answer :Users with root access on remote NFS client computers can always use the SU command to modify other user's files on the NAS.

A security administrator is assessing a new application. The application uses an API that is supposed to encrypt text strings that are stored in memory. How might the administrator test that the strings are indeed encrypted in memory?


Options are :

  • Initiate a core dump of the application
  • Use a packet analyzer to inspect the strings
  • Use an HTTP interceptor to capture the text strings
  • Use fuzzing techniques to examine application inputs
  • Run nmap to attach to application memory

Answer :Initiate a core dump of the application

A storage as a service company implements both encryption at rest as well as encryption in transit of customers' data. The security administrator is concerned with the overall security of the encrypted customer data stored by the company servers and wants the development team to implement a solution that will strengthen the customer's encryption key. Which of the following, if implemented, will MOST increase the time an offline password attack against the customers' data would take?


Options are :

  • password = password + sha(password+salt) + aes256(password+salt)
  • key = aes128(sha256(password), password))
  • password = NULL ; for (int i=0; i<10000; i++) { password = sha256(key) }
  • key = NULL ; for (int i=0; i<5000; i++) { key = sha(key + password) }

Answer :key = NULL ; for (int i=0; i<5000; i++) { key = sha(key + password) }


A security services company is scoping a proposal with a client. They want to perform a general security audit of their environment within a two-week period and consequently have the following requirements:

Requirement 1 - Ensure their server infrastructure operating systems are at their latest patch levels
Requirement 2 - Test the behavior between the application and database
Requirement 3 - Ensure that customer data cannot be exfiltrated

Which of the following is the BEST solution to meet the above requirements?


Options are :

  • Conduct network analysis, dynamic code analysis, and static code analysis
  • Penetration test, perform social engineering and run a vulnerability scanner
  • Conduct network analysis, dynamic code analysis, and static code analysis
  • Perform dynamic code analysis, penetration test and run a vulnerability scanner

Answer :Perform dynamic code analysis, penetration test and run a vulnerability scanner

An organization has several production critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?


Options are :

  • Configure a separate zone for the systems and restrict access to known ports
  • Configure the systems to ensure only necessary applications are able to run
  • Configure a firewall with deep packet inspection that restricts traffic to the systems
  • Configure the host firewall to ensure only the necessary applications have listening ports

Answer :Configure the systems to ensure only necessary applications are able to run

Since the implementation of IPv6 on the company network, the security administrator has been unable to identify the users associated with certain devices utilizing IPv6 addresses, even when the devices are centrally managed.

    en1: flags=8863 mtu 1500
        ether f8:1e:af:ab:10:a3
        inet6 fw80::fa1e:dfff:fee6:9d8%en1 prefixlen 64 scopeid 0x5
        inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 2001:200:5:922:1035:dfff:fee6:9dfe prefixlen 64 autoconf
        inet6 2001:200:5:922:10ab:5e21:aa9a:6393 prefixlen 64 autoconf temporary
        nd6 options=1
        media: autoselect
        status: active

Given this output, which of the following protocols is in use by the company and what can the system administrator do to positively map users with IPv6 addresses in the future? (Select TWO).


Options are :

  • The router IPv6 advertisement has been disabled
  • The routers implement NDP
  • The devices use EUI-64 format
  • The network implements 6to4 tunneling
  • The administrator must disable the IPv6 privacy extensions

Answer :The routers implement NDP; The administrator must disable the IPv6 privacy extensions


An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data stored in the sensitive system according to the following matrix:

    DATA TYPE        CONFIDENTIALITY   INTEGRITY   AVAILABILITY
    Financial        HIGH              HIGH        LOW
    Client name      MEDIUM            MEDIUM      HIGH
    Client address   LOW               MEDIUM      LOW
    AGGREGATE        MEDIUM            MEDIUM      MEDIUM

The auditor is advising the company to review the aggregate score and submit it to senior management. Which of the following should be the revised aggregate score?


Options are :

  • MEDIUM, MEDIUM, LOW
  • HIGH, HIGH, HIGH
  • MEDIUM, MEDIUM, MEDIUM
  • HIGH, MEDIUM, LOW

Answer :HIGH, HIGH, HIGH

An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected: Pattern 1 - Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated. Pattern 2 - For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out. Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).


Options are :

  • Resource exhaustion attack
  • Apply a hidden field that triggers a SIEM alert
  • Input a blacklist of all known BOT malware IPs into the firewall
  • Cross site scripting attack
  • Implement an inline WAF and integrate into SIEM

Answer :Resource exhaustion attack; Implement an inline WAF and integrate into SIEM

A company that must comply with regulations is searching for a laptop encryption product to use for its 40,000 end points. The product must meet regulations but also be flexible enough to minimize overhead and support in regards to password resets and lockouts. Which of the following implementations would BEST meet the needs?


Options are :

  • A file-based encryption product using profiles to target areas on the file system to encrypt
  • A partition-based software encryption product with a low-level boot protection and authentication
  • A container-based encryption product that allows the end users to select which files to encrypt
  • A full-disk hardware-based encryption product with a low-level boot protection and authentication

Answer :A file-based encryption product using profiles to target areas on the file system to encrypt


A security tester is testing a website and performs the following manual query: https://www.comptia.com/cookies.jsp?products=5%20and%201=1 The following response is received in the payload: "ORA-000001: SQL command not properly ended" Which of the following is the response an example of?


Options are :

  • Cross-site scripting
  • Fingerprinting
  • SQL injection
  • Privilege escalation

Answer :Fingerprinting

An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network administrator sets up rules to deny packets with a source address in this subnet from entering the network, and to deny packets with a destination address in this subnet from leaving the network. Which of the following is the administrator attempting to prevent?


Options are :

  • Man-in-the-middle attacks
  • IP spoofing attacks
  • BGP route hijacking attacks
  • Bogon IP network traffic

Answer :IP spoofing attacks

The telecommunications manager wants to improve the process for assigning company-owned mobile devices and ensuring data is properly removed when no longer needed. Additionally, the manager wants to onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the following should be implemented to ensure these processes can be automated? (Select THREE).


Options are :

  • MDM software
  • Chargeback system
  • Identity attestation
  • Remote wiping
  • SIM's PIN

Answer :MDM software; Identity attestation; Remote wiping


The network administrator at an enterprise reported a large data leak. One compromised server was used to aggregate data from several critical application servers and send it out to the Internet using HTTPS. Upon investigation, there have been no user logins over the previous week and the endpoint protection software is not reporting any issues. Which of the following BEST provides insight into where the compromised server collected the information?


Options are :

  • Configure the server logs to collect unusual activity including failed logins and restarted services.
  • Setup a packet capture on the firewall to collect all of the server communications.
  • Correlate data loss prevention logs for anomalous communications from the server.
  • Review the flow data against each server's baseline communications profile.

Answer :Review the flow data against each server's baseline communications profile.

An international shipping company discovered that deliveries left idle are being tampered with. The company wants to reduce the idle time associated with international deliveries by ensuring that personnel are automatically notified when an inbound delivery arrives at the transit dock. Which of the following should be implemented to help the company increase the security posture of its operations?


Options are :

  • Asset tracking
  • Barcode scanner
  • Geo-fencing
  • Back office database

Answer :Geo-fencing

Wireless users are reporting issues with the company's video conferencing and VoIP systems. The security administrator notices internal DoS attacks from infected PCs on the network causing the VoIP system to drop calls. The security administrator also notices that the SIP servers are unavailable during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DoS attacks on the network? (Select TWO).


Options are :

  • Configure 802.1X on the network
  • Install a HIPS on the SIP servers
  • Update the corporate firewall to block attacking addresses
  • Configure 802.1q on the network
  • Configure 802.11e on the network

Answer :Install a HIPS on the SIP servers; Configure 802.11e on the network


A system worth $200,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the system's SLE?


Options are :

  • $8,000
  • $2,000
  • $32,000
  • $22,000

Answer :$8,000

A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for personal items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk of this activity occurring in the future?


Options are :

  • Background checks
  • Least privilege
  • Job rotation
  • Employee termination procedures

Answer :Job rotation

An investigator wants to collect the most volatile data first in an incident to preserve the data that runs the highest risk of being lost. After memory, which of the following BEST represents the remaining order of volatility that the investigator should follow?


Options are :

  • System processes, network processes, file system information, swap files and raw disk blocks
  • Raw disk blocks, network processes, system processes, swap files and file system information.
  • File system information, swap files, network processes, system processes and raw disk blocks.
  • Raw disk blocks, swap files, network processes, system processes, and file system information

Answer :System processes, network processes, file system information, swap files and raw disk blocks


A company decides to purchase commercially available software packages. This can introduce new security risks to the network. Which of the following is the BEST description of why this is true?


Options are :

  • Commercially available software packages are well known and widely available. Information concerning vulnerabilities and viable attack patterns are always shared within the IT community.
  • Commercially available software packages are not widespread and are only available in limited areas. Information concerning vulnerabilities is often ignored by business managers.
  • Commercially available software packages are typically well known and widely available. Information concerning vulnerabilities and viable attack patterns are never revealed by the developer to avoid lawsuits.
  • Commercially available software packages are often widely available. Information concerning vulnerabilities is often kept internal to the company that developed the software.

Answer :Commercially available software packages are often widely available. Information concerning vulnerabilities is often kept internal to the company that developed the software.
