CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 2

A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors. The company decides that it wants to quickly prevent unauthorized devices from accessing the network, but policy prevents the company from making changes on every connecting client. Which of the following should the company implement?


Options are :

  • WPA2
  • Mandatory Access Control
  • Port security (Correct)
  • Network Intrusion Prevention

Answer : Port security

An organization uses Common Vulnerability Scoring System (CVSS) scores to prioritize remediation of vulnerabilities. Management wants to modify the priorities based on a difficulty factor so that vulnerabilities with lower CVSS scores may get a higher priority if they are easier to implement with less risk to system functionality. Management also wants to quantify the priority. Which of the following would achieve management's objective?


Options are :

  • (CVSS Score) / Difficulty = Priority Where Difficulty is a range from 1 to 10 with 10 being easiest and lowest risk to implement (Correct)
  • (CVSS Score) * Difficulty = Priority Where Difficulty is a range from 0.1 to 1.0 with 1.0 being easiest and lowest risk to implement
  • (CVSS Score) * Difficulty = Priority Where Difficulty is a range from 1 to 5 with 1 being easiest and lowest risk to implement
  • ((CVSS Score) * 2) / Difficulty = Priority Where CVSS Score is weighted and Difficulty is a range from 1 to 5 with 5 being easiest and lowest risk to implement

Answer : (CVSS Score) / Difficulty = Priority Where Difficulty is a range from 1 to 10 with 10 being easiest and lowest risk to implement

A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines. Which of the following represents a FINAL step in the eradication of the malware?


Options are :

  • The workstations should be reimaged.
  • The workstations should be patched and scanned. (Correct)
  • The workstations should be donated for reuse.
  • The workstations should be isolated from the network.

Answer : The workstations should be patched and scanned.

A security analyst is concerned that employees may attempt to exfiltrate data prior to tendering their resignations. Unfortunately, the company cannot afford to purchase a data loss prevention (DLP) system. Which of the following recommendations should the security analyst make to provide defense-in-depth against data loss? (Select THREE).


Options are :

  • Prevent users from copying data from workstation to workstation
  • Prevent users from using roaming profiles when changing workstations
  • Prevent Internet access on laptops unless connected to the network in the office or via VPN (Correct)
  • Prevent users from accessing personal email and file-sharing sites via web proxy (Correct)
  • Prevent users from being able to use the copy and paste functions
  • Prevent flash drives from connecting to USB ports using Group Policy (Correct)

Answer : Prevent Internet access on laptops unless connected to the network in the office or via VPN Prevent users from accessing personal email and file-sharing sites via web proxy Prevent flash drives from connecting to USB ports using Group Policy

Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Select TWO).


Options are :

  • To avoid conflicts with real intrusions that may occur
  • To schedule personnel resources required for test activities (Correct)
  • To ensure tests have measurable impact to operations
  • To mitigate unintended impacts to operations (Correct)
  • To determine frequency of team communication and reporting

Answer : To schedule personnel resources required for test activities To mitigate unintended impacts to operations

A software patch has been released to remove vulnerabilities from the company's software. A security analyst has been tasked with testing the software to ensure the vulnerabilities have been remediated and the application is still functioning properly. Which of the following tests should be performed NEXT?


Options are :

  • Regression testing (Correct)
  • User acceptance testing
  • Fuzzing
  • Penetration testing

Answer : Regression testing

Which of the following is a feature of virtualization that can potentially create a single point of failure?


Options are :

  • Faster server provisioning
  • Running multiple OS instances
  • Load balancing hypervisors
  • Server consolidation (Correct)

Answer : Server consolidation

An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get the payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?


Options are :

  • Sandboxing
  • Honeypot (Correct)
  • Jump box
  • Virtualization

Answer : Honeypot

While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that related sites were not visited but were searched for in a search engine. Which of the following MOST likely happened in this situation?


Options are :

  • The analyst has prefetch enabled on the browser in use. (Correct)
  • The analyst accidentally clicked a link related to the indicator.
  • The analyst is not using the standard approved browser.
  • The alert is unrelated to the analyst's search.

Answer : The analyst has prefetch enabled on the browser in use.

A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?


Options are :

  • Man-in-the-middle (Correct)
  • Replay
  • Spoofing
  • Transitive access

Answer : Man-in-the-middle

Management is concerned with administrator access from outside the network to a key server in the company. Specifically, firewall rules allow access to the server from anywhere in the company. Which of the following would be an effective solution?


Options are :

  • Anti-malware
  • Server hardening
  • Honeypot
  • Jump box (Correct)

Answer : Jump box

Several users have reported that when attempting to save documents in team folders, the following message is received: "The File Cannot Be Copied or Moved. Service Unavailable." Upon further investigation, it is found that the syslog server is not obtaining log events from the file server to which the users are attempting to copy files. Which of the following is the MOST likely scenario causing these issues?


Options are :

  • The network is saturated, causing network congestion (Correct)
  • Malicious processes are running on the file server
  • All the available space on the file server is consumed
  • The file server is experiencing high CPU and memory utilization

Answer : The network is saturated, causing network congestion

The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files: Locky.js, xerty.ini, xerty.lib. Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?


Options are :

  • Email employees instructing them not to open the invoice attachment. (Correct)
  • Add the URL included in the .js file to the company's web proxy filter.
  • Set permissions on file shares to read-only.
  • Disable access to the company VPN.

Answer : Email employees instructing them not to open the invoice attachment.

A security analyst is adding input to the incident response communication plan. A company officer has suggested that if a data breach occurs, only affected parties should be notified to keep an incident from becoming a media headline. Which of the following should the analyst recommend to the company officer?


Options are :

  • The HR department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that might be viewed during an investigation.
  • An externally hosted website should be prepared in advance to ensure that when an incident occurs victims have timely access to notifications from a non-compromised resource.
  • Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgements from non-compliance.
  • The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody. (Correct)

Answer : The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody.

A cybersecurity analyst is completing an organization's vulnerability report and wants it to reflect assets accurately. Which of the following items should be in the report?


Options are :

  • Processor utilization
  • Asset isolation
  • Log disposition
  • Virtual hosts (Correct)
  • Organizational governance

Answer : Virtual hosts

The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The security analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reactions, server functionality does not seem to be affected, and no malware was found after a scan. Which of the following actions should the analyst take?


Options are :

  • Monitor the web application for service interruptions caused from the patching.
  • Create an incident ticket for anomalous activity. (Correct)
  • Reschedule the automated patching to occur during business hours.
  • Monitor the web application service for abnormal bandwidth consumption.

Answer : Create an incident ticket for anomalous activity.

Which of the following actions should occur to address any open issues while closing an incident involving various departments within the network?


Options are :

  • Lessons learned report (Correct)
  • Chain of custody documentation
  • Incident response plan
  • Reverse engineering process

Answer : Lessons learned report

As part of an upcoming engagement for a client, an analyst is configuring a penetration testing application to ensure the scan complies with information defined in the SOW. Which of the following types of information should be considered based on information traditionally found in the SOW? (Select two.)


Options are :

  • Timing of the scan (Correct)
  • Excluded hosts (Correct)
  • Incident response policies
  • IPS configuration
  • Contents of the executive summary report
  • Maintenance windows

Answer : Timing of the scan Excluded hosts

A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analyst discovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST?


Options are :

  • Contact the Office of Civil Rights (OCR) to report the breach
  • Notify the Chief Privacy Officer (CPO)
  • Put an ACL on the gateway router (Correct)
  • Activate the incident response plan

Answer : Put an ACL on the gateway router

A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application's task. Which of the following is the security administrator practicing in this example?


Options are :

  • Access control lists (Correct)
  • Implicit deny
  • Explicit deny
  • Port security

Answer : Access control lists

A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the security analyst recommend to add additional security to this device?


Options are :

  • The security analyst should recommend this device be included in regular vulnerability scans.
  • The security analyst should recommend this device be placed behind a WAF. (Correct)
  • The security analyst should recommend this device regularly export the web logs to a SIEM system.
  • The security analyst should recommend an IDS be placed on the network segment.

Answer : The security analyst should recommend this device be placed behind a WAF.

When network administrators observe an increased amount of web traffic without an increased number of financial transactions, the company is MOST likely experiencing which of the following attacks?


Options are :

  • Bluejacking
  • Phishing
  • ARP cache poisoning
  • DoS (Correct)

Answer : DoS

A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?


Options are :

  • Deploy scanners with administrator privileges on each endpoint
  • Encrypt all of the traffic between the scanner and the endpoint
  • Install agents on the endpoints to perform the scan (Correct)
  • Provide each endpoint with vulnerability scanner credentials

Answer : Install agents on the endpoints to perform the scan

Which of the following principles describes how a security analyst should communicate during an incident?


Options are :

  • The communication should be limited to management only.
  • The communication should be limited to trusted parties only.
  • The communication should come from law enforcement.
  • The communication should be limited to security staff only. (Correct)

Answer : The communication should be limited to security staff only.

Which of the following is MOST effective for correlation analysis by log for threat management?


Options are :

  • PCAP
  • IPS
  • SCAP
  • SIEM (Correct)

Answer : SIEM

An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?


Options are :

  • The scan result version is different from the automated asset inventory.
  • Any items labeled low are considered informational only. (Correct)
  • HTTPS entries indicate the web page is encrypted securely.
  • Reports show the scanner compliance plug-in is out-of-date.

Answer : Any items labeled low are considered informational only.

The new Chief Technology Officer (CTO) is seeking recommendations for network monitoring services for the local intranet. The CTO would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content. Which of the following recommendations would meet the needs of the organization?


Options are :

  • Recommend installation of an IPS on both the internal and external interfaces of the gateway router.
  • Recommend installation of an IDS on the internal interface and a firewall on the external interface of the gateway router.
  • Recommend setup of IP filtering on both the internal and external interfaces of the gateway router.
  • Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router. (Correct)

Answer : Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router.

Which of the following are essential components within the rules of engagement for a penetration test? (Select TWO).


Options are :

  • Authorization (Correct)
  • List of system administrators
  • Payment terms
  • Business justification
  • Schedule (Correct)

Answer : Authorization Schedule