CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 3

A threat intelligence feed has posted an alert stating there is a critical vulnerability in the kernel. Unfortunately, the company's asset inventory is not current. Which of the following techniques would a cybersecurity analyst perform to find all affected servers within an organization?


Options are :

  • A service discovery scan on the network
  • A manual log review from data sent to syslog
  • A packet capture of data traversing the server network
  • An OS fingerprinting scan across all hosts (Correct)

Answer : An OS fingerprinting scan across all hosts


A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?


Options are :

  • ICMP (Correct)
  • SMTP
  • TCP
  • ARP

Answer : ICMP

A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?


Options are :

  • Install agents on the endpoints to perform the scan (Correct)
  • Deploy scanners with administrator privileges on each endpoint
  • Provide each endpoint with vulnerability scanner credentials
  • Encrypt all of the traffic between the scanner and the endpoint

Answer : Install agents on the endpoints to perform the scan

Considering confidentiality and integrity, which of the following make servers more secure than desktops? (Select THREE).


Options are :

  • Processing power
  • Trained operators (Correct)
  • VLANs
  • Physical access restriction (Correct)
  • OS (Correct)
  • Hard drive capacity

Answer : Trained operators; Physical access restriction; OS


A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains. Which of the following actions is the BEST approach for the analyst to perform?


Options are :

  • Use the IP addresses to search through the event logs.
  • Analyze the trends of the events while manually reviewing to see if any of the indicators match. (Correct)
  • Create an advanced query that includes all of the indicators, and review any of the matches.
  • Scan for vulnerabilities with exploits known to have been used by an APT.

Answer : Analyze the trends of the events while manually reviewing to see if any of the indicators match.

Management is concerned with administrator access from outside the network to a key server in the company. Specifically, firewall rules allow access to the server from anywhere in the company. Which of the following would be an effective solution?


Options are :

  • Anti-malware
  • Jump box (Correct)
  • Server hardening
  • Honeypot

Answer : Jump box

Which of the following stakeholders would need to be aware of an e-discovery notice received by the security office about an ongoing case within the manufacturing department?


Options are :

  • Board of trustees
  • Marketing
  • Legal (Correct)
  • Human resources

Answer : Legal

220-701 A+ Essentials Certification Practice Exam Set 10

Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Select two.)


Options are :

  • OWASP
  • ISO 27000 series
  • NIST (Correct)
  • ITIL (Correct)
  • COBIT

Answer : NIST; ITIL

The security operations team is conducting a mock forensics investigation. Which of the following should be the FIRST action taken after seizing a compromised workstation?


Options are :

  • Analyze the forensic image
  • Activate the escalation checklist
  • Perform evidence acquisition (Correct)
  • Implement the incident response plan

Answer : Perform evidence acquisition

During a routine review of firewall logs, an analyst identified that an IP address from the organization's server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between 150 and 500 megabytes of data each time. This had been going on for approximately one week, and the affected server was taken offline for forensic review. Which of the following is MOST likely to drive up the incident's impact assessment?


Options are :

  • Raw financial information about the company was accessed.
  • The local root password for the affected server was compromised.
  • PII of company employees and customers was exfiltrated. (Correct)
  • Forensic review of the server required fall-back on a less efficient service.
  • IP addresses and other network-related configurations were exfiltrated.

Answer : PII of company employees and customers was exfiltrated.


A university wants to increase the security posture of its network by implementing vulnerability scans of both centrally managed and student/employee laptops. The solution should be able to scale, provide minimum false positives and high accuracy of results, and be centrally managed through an enterprise console. Which of the following scanning topologies is BEST suited for this environment?


Options are :

  • A passive scanning engine located at the core of the network infrastructure
  • A combination of server-based and agent-based scanning engines
  • An active scanning engine installed on the enterprise console (Correct)
  • A combination of cloud-based and server-based scanning engines

Answer : An active scanning engine installed on the enterprise console

Which of the following is a control that allows a mobile application to access and manipulate information which should only be available to another application on the same mobile device (e.g. a music application posting the name of the song currently playing on the device to a social media site)?


Options are :

  • Dual authentication
  • Mutually exclusive access
  • Transitive trust (Correct)
  • Co-hosted application

Answer : Transitive trust

Nmap scan results on a set of IP addresses returned one or more lines beginning with cpe:/o: followed by a company name, product name, and version. Which of the following would this string help an administrator to identify?


Options are :

  • Installed hardware
  • Running services
  • Operating system (Correct)
  • Installed software

Answer : Operating system


An incident response report indicates a virus was introduced through a remote host that was connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?


Options are :

  • TAP
  • MAC
  • NAC (Correct)
  • ACL

Answer : NAC

As part of the SDLC, software developers are testing the security of a new web application by inputting large amounts of random data. Which of the following types of testing is being performed?


Options are :

  • Regression testing
  • Fuzzing (Correct)
  • Input validation
  • Stress testing

Answer : Fuzzing

An executive tasked a security analyst to aggregate past logs, traffic, and alerts on a particular attack vector. The analyst was then tasked with analyzing the data and making predictions on future complications regarding this attack vector. Which of the following types of analysis is the security analyst MOST likely conducting?


Options are :

  • Behavior analysis
  • Availability analysis
  • Trend analysis (Correct)
  • Business analysis

Answer : Trend analysis


Which of the following is MOST effective for correlation analysis by log for threat management?


Options are :

  • SCAP
  • IPS
  • PCAP
  • SIEM (Correct)

Answer : SIEM

An HR employee began having issues with a device becoming unresponsive after attempting to open an email attachment. When informed, the security analyst became suspicious of the situation, even though there was not any unusual behavior on the IDS or any alerts from the antivirus software. Which of the following BEST describes the type of threat in this situation?


Options are :

  • Packet of death
  • PII exfiltration
  • Zero-day malware (Correct)
  • Known virus

Answer : Zero-day malware

While preparing for a third-party audit, the vice president of risk management and the vice president of information technology have stipulated that the vendor may not use offensive software during the audit. This is an example of:


Options are :

  • service-level agreement.
  • organizational control.
  • risk appetite
  • rules of engagement. (Correct)

Answer : rules of engagement.


A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?


Options are :

  • Man-in-the-middle (Correct)
  • Spoofing
  • Transitive access
  • Replay

Answer : Man-in-the-middle

Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able to detect an attack even though the company's signature-based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw. Which of the following attacks has MOST likely occurred?


Options are :

  • XML injection
  • Directory traversal
  • Zero-day (Correct)
  • Cookie stealing

Answer : Zero-day

An analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures. Management directed the security team to have personnel update the scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome is unchanged. Which of the following is the BEST logical control to address the failure?


Options are :

  • Configure vulnerability scans to run in credentialed mode.
  • Manually validate that the existing update is being performed.
  • Test vulnerability remediation in a sandbox before deploying.
  • Configure a script to automatically update the scanning tool. (Correct)

Answer : Configure a script to automatically update the scanning tool.


A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application's task. Which of the following is the security administrator practicing in this example?


Options are :

  • Implicit deny
  • Explicit deny
  • Port security
  • Access control lists (Correct)

Answer : Access control lists

The help desk informed a security analyst of a trend that is beginning to develop regarding a suspicious email that has been reported by multiple users. The analyst has determined the email includes an attachment named invoice.zip that contains the following files: Locky.js, xerty.ini, xerty.lib. Further analysis indicates that when the .zip file is opened, it is installing a new version of ransomware on the devices. Which of the following should be done FIRST to prevent data on the company NAS from being encrypted by infected devices?


Options are :

  • Email employees instructing them not to open the invoice attachment. (Correct)
  • Set permissions on file shares to read-only.
  • Disable access to the company VPN.
  • Add the URL included in the .js file to the company's web proxy filter.

Answer : Email employees instructing them not to open the invoice attachment.

Following a recent security breach, a post-mortem was done to analyze the driving factors behind the breach. The cybersecurity analysis discussed potential impacts, mitigations, and remediations based on current events and emerging threat vectors tailored to specific stakeholders. Which of the following is this considered to be?


Options are :

  • Threat information
  • Advanced persistent threats
  • Threat data
  • Threat intelligence (Correct)

Answer : Threat intelligence


A cybersecurity analyst has several log files to review. Instead of using grep and cat commands, the analyst decides to find a better approach to analyze the logs. Given a list of tools, which of the following would provide a more efficient way for the analyst to conduct a timeline analysis, do keyword searches, and output a report?


Options are :

  • Syslog
  • OSSIM
  • Splunk (Correct)
  • Kali

Answer : Splunk

A technician recently fixed a computer with several viruses and spyware programs on it and notices the Internet settings were set to redirect all traffic through an unknown proxy. This type of attack is known as which of the following?


Options are :

  • Phishing
  • Man-in-the-middle (Correct)
  • Shoulder surfing
  • Social engineering

Answer : Man-in-the-middle

A company has recently launched a new billing invoice website for a few key vendors. The cybersecurity analyst is receiving calls that the website is performing slowly and the pages sometimes time out. The analyst notices the website is receiving millions of requests, causing the service to become unavailable. Which of the following can be implemented to maintain the availability of the website?


Options are :

  • Honeypot
  • MAC filtering
  • DMZ
  • Whitelisting (Correct)
  • VPN

Answer : Whitelisting


A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the security analyst recommend to add additional security to this device?


Options are :

  • The security analyst should recommend an IDS be placed on the network segment.
  • The security analyst should recommend this device regularly export the web logs to a SIEM system.
  • The security analyst should recommend this device be placed behind a WAF. (Correct)
  • The security analyst should recommend this device be included in regular vulnerability scans.

Answer : The security analyst should recommend this device be placed behind a WAF.

A computer has been infected with a virus and is sending out a beacon to a command and control server through an unknown service. Which of the following should a security technician implement to drop the traffic going to the command and control server and still be able to identify the infected host through firewall logs?


Options are :

  • Sinkhole (Correct)
  • Block ports and services
  • Endpoint security
  • Patches

Answer : Sinkhole
