CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 9

In order to meet regulatory compliance objectives for the storage of PHI, vulnerability scans must be conducted on a continuous basis. The last completed scan of the network returned 5,682 possible vulnerabilities. The Chief Information Officer (CIO) would like to establish a remediation plan to resolve all known issues. Which of the following is the BEST way to proceed?

Options are :

  • Hold off on additional scanning until the current list of vulnerabilities has been resolved.
  • Attempt to identify all false positives and exceptions, and then resolve all remaining items.
  • Place assets that handle PHI in a sandbox environment, and then resolve all vulnerabilities.
  • Reduce the scan to items identified as critical in the asset inventory, and resolve these issues first. (Correct)

Answer : Reduce the scan to items identified as critical in the asset inventory, and resolve these issues first.

A security analyst's company uses RADIUS to support a remote sales staff of more than 700 people. The Chief Information Security Officer (CISO) asked to have IPSec using ESP and 3DES enabled to ensure the confidentiality of the communication as per RFC 3162. After the implementation was complete, many sales users reported latency issues and other performance issues when attempting to connect remotely. Which of the following is occurring?

Options are :

  • The IPSec implementation has significantly increased the amount of bandwidth needed.
  • RFC 3162 is known to cause significant performance problems.
  • The device running RADIUS lacks sufficient RAM and processing power to handle ESP implementation. (Correct)
  • The implementation should have used AES instead of 3DES.

Answer : The device running RADIUS lacks sufficient RAM and processing power to handle ESP implementation.

A security analyst is performing a review of Active Directory and discovers two new user accounts in the accounting department. Neither of the users has elevated permissions, but accounts in the group are given access to the company's sensitive financial management application by default. Which of the following is the BEST course of action?

Options are :

  • Follow the incident response plan for the introduction of new accounts
  • Monitor the outbound traffic from the application for signs of data exfiltration
  • Confirm the accounts are valid and ensure role-based permissions are appropriate (Correct)
  • Disable the user accounts
  • Remove the accounts' access privileges to the sensitive application

Answer : Confirm the accounts are valid and ensure role-based permissions are appropriate

A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed some network connections utilizing SSL on non-common ports, copies of svchost.exe and cmd.exe in the %TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?

Options are :

  • APT (Correct)
  • DDoS
  • Ransomware
  • Software vulnerability

Answer : APT

A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?

Options are :

  • Rescan to ensure the vulnerability still exists.
  • Begin the incident response process.
  • Implement continuous monitoring.
  • Start the change control process. (Correct)

Answer : Start the change control process.

Which of the following is a best practice with regard to interacting with the media during an incident?

Options are :

  • Designate a single point of contact and at least one backup for contact with the media. (Correct)
  • Allow any senior management level personnel with knowledge of the incident to discuss it.
  • Release financial information on the impact of damages caused by the incident.
  • Stipulate that incidents are not to be discussed with the media at any time during the incident.

Answer : Designate a single point of contact and at least one backup for contact with the media.

Which of the following describes why it is important to include scope within the rules of engagement of a penetration test?

Options are :

  • To ensure servers are not impacted and service is not degraded
  • To ensure the network segment being tested has been properly secured
  • To ensure sensitive hosts are not scanned
  • To ensure all systems being scanned are owned by the company (Correct)

Answer : To ensure all systems being scanned are owned by the company

Management wants to scan servers for vulnerabilities on a periodic basis. Management has decided that the scan frequency should be determined only by vendor patch schedules and the organization's application deployment schedule. Which of the following would force the organization to conduct an out-of-cycle vulnerability scan?

Options are :

  • Newly discovered PII on a server
  • A vendor releases a critical patch update (Correct)
  • A critical bug fix in the organization's application
  • False positives identified in production

Answer : A vendor releases a critical patch update

A security incident has been created after noticing unusual behavior from a Windows domain controller. The server administrator has discovered that a user logged in to the server with elevated permissions, but the user's account does not follow the standard corporate naming scheme. There are also several other accounts in the administrators group that do not follow this naming scheme. Which of the following is the possible cause for this behavior and the BEST remediation step?

Options are :

  • The Windows Active Directory domain controller has not completed synchronization, and should force the domain controller to sync.
  • The server has been compromised and should be removed from the network and cleaned before reintroducing it to the network.
  • The naming scheme allows for too many variations, and the account naming convention should be updated to enforce organizational policies. (Correct)
  • The server administrator created user accounts cloning the wrong user ID, and the accounts should be removed from administrators and placed in an employee group.

Answer : The naming scheme allows for too many variations, and the account naming convention should be updated to enforce organizational policies.

A threat intelligence feed has posted an alert stating there is a critical vulnerability in the kernel. Unfortunately, the company's asset inventory is not current. Which of the following techniques would a cybersecurity analyst perform to find all affected servers within an organization?

Options are :

  • A manual log review from data sent to syslog
  • A service discovery scan on the network
  • An OS fingerprinting scan across all hosts (Correct)
  • A packet capture of data traversing the server network

Answer : An OS fingerprinting scan across all hosts

An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get the payloads that the hackers are sending toward the target systems without impacting business operations. Which of the following should the analyst implement?

Options are :

  • Honeypot (Correct)
  • Sandboxing
  • Jump box
  • Virtualization

Answer : Honeypot

Scan results identify critical Apache vulnerabilities on a company's web servers. A security analyst believes many of these results are false positives because the web environment mostly consists of Windows servers. Which of the following is the BEST method of verifying the scan results?

Options are :

  • Run a service discovery scan on the identified servers. (Correct)
  • Review logs of each host in the SIEM.
  • Refer to the identified servers in the asset inventory.
  • Perform a top-ports scan against the identified servers.

Answer : Run a service discovery scan on the identified servers.

An investigation showed a worm was introduced from an engineer's laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to company policy and technical controls. Which of the following would be the MOST secure control to implement?

Options are :

  • Deploy a company-wide approved engineering workstation for management access. (Correct)
  • Deploy HIDS on all engineer-provided laptops, and put a new router in the management network.
  • Implement role-based group policies on the management network for client access.
  • Utilize a jump box that is only allowed to connect to clients from the management network.

Answer : Deploy a company-wide approved engineering workstation for management access.

A security analyst is creating baseline system images to remediate vulnerabilities found in different operating systems. Each image needs to be scanned before it is deployed. The security analyst must ensure the configurations match industry standard benchmarks and the process can be repeated frequently. Which of the following vulnerability options would BEST create the process requirements?

Options are :

  • Utilizing an authorized credential scan
  • Utilizing an operating system SCAP plugin (Correct)
  • Utilizing a non-credential scan
  • Utilizing a known malware plugin

Answer : Utilizing an operating system SCAP plugin

A recent vulnerability scan found four vulnerabilities on an organization's public Internet-facing IP addresses. Prioritizing in order to reduce the risk of a breach to the organization, which of the following should be remediated FIRST?

Options are :

  • A buffer overflow that allows remote code execution. (Correct)
  • A cipher that is known to be cryptographically weak.
  • A website using a self-signed SSL certificate.
  • An HTTP response that reveals an internal IP address.

Answer : A buffer overflow that allows remote code execution.

Following a recent security breach, a post-mortem was done to analyze the driving factors behind the breach. The cybersecurity analysis discussed potential impacts, mitigations, and remediations based on current events and emerging threat vectors tailored to specific stakeholders. Which of the following is this considered to be?

Options are :

  • Advanced persistent threats
  • Threat information
  • Threat data
  • Threat intelligence (Correct)

Answer : Threat intelligence

A nuclear facility manager determined the need to monitor utilization of water within the facility. A startup company just announced a state-of-the-art solution to address the need for integrating the business and ICS network. The solution requires a very small agent to be installed on the ICS equipment. Which of the following is the MOST important security control for the manager to invest in to protect the facility?

Options are :

  • Require that the solution provider make the agent source code available for analysis.
  • Run a penetration test on the installed agent.
  • Install the agent for a week on a test system and monitor the activities. (Correct)
  • Require thorough guides for administrators and users.

Answer : Install the agent for a week on a test system and monitor the activities.

A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analyst discovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST?

Options are :

  • Notify the Chief Privacy Officer (CPO)
  • Put an ACL on the gateway router (Correct)
  • Contact the Office of Civil Rights (OCR) to report the breach
  • Activate the incident response plan

Answer : Put an ACL on the gateway router

An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?

Options are :

  • DNS harvesting
  • Packet capture (Correct)
  • Service discovery
  • Log review

Answer : Packet capture

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the platform vulnerability, it was determined that the web services provided are being impacted by this new threat. Which of the following data types are MOST likely at risk of exposure based on this new threat? (Choose two.)

Options are :

  • Cardholder data (Correct)
  • Intellectual property
  • Personal health information (Correct)
  • Corporate financial data
  • Employee records

Answer : Cardholder data; Personal health information

The Chief Security Officer (CSO) has requested a vulnerability report of systems on the domain, identifying those running outdated OSs. The automated scan reports are not displaying OS version details, so the CSO cannot determine risk exposure levels from vulnerable systems. Which of the following should the cybersecurity analyst do to enumerate OS information as part of the vulnerability scanning process in the MOST efficient manner?

Options are :

  • Execute the nmap -p command
  • Use Wireshark to export a list
  • Execute the ver command (Correct)
  • Use credentialed configuration

Answer : Execute the ver command

An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?

Options are :

  • The scan result version is different from the automated asset inventory.
  • Reports show the scanner compliance plug-in is out-of-date.
  • HTTPS entries indicate the web page is encrypted securely.
  • Any items labeled low are considered informational only. (Correct)

Answer : Any items labeled low are considered informational only.

An organization has recently recovered from an incident where a managed switch had been accessed and reconfigured without authorization by an insider. The incident response team is working on developing a lessons learned report with recommendations. Which of the following recommendations will BEST prevent the same attack from occurring in the future?

Options are :

  • Analyze normal behavior on the network and configure the IDS to alert on deviations from normal.
  • Remove and replace the managed switch with an unmanaged one.
  • Install and configure NAC services to allow only authorized devices to connect to the network.
  • Implement a separate logical network segment for management interfaces. (Correct)

Answer : Implement a separate logical network segment for management interfaces.

A centralized tool for organizing security events and managing their response and resolution is known as:

Options are :

  • Wireshark
  • SIEM (Correct)
  • HIPS
  • Syslog

Answer : SIEM

A security analyst is concerned that unauthorized users can access confidential data stored in the production server environment. All workstations on a particular network segment have full access to any server in production. Which of the following should be deployed in the production environment to prevent unauthorized access? (Choose two.)

Options are :

  • Honeypot
  • Firewall (Correct)
  • IPS
  • Jump box (Correct)
  • DLP system

Answer : Firewall; Jump box

File integrity monitoring states the following files have been changed without a written request or approved change. The following change has been made: chmod 777 -Rv /usr. Which of the following may be occurring?

Options are :

  • The ownership of /usr has been changed to the current user.
  • Administrative commands have been made world readable/writable. (Correct)
  • The ownership of /usr has been changed to the root user.
  • Administrative functions have been locked from users.

Answer : Administrative commands have been made world readable/writable.

Policy allows scanning of vulnerabilities during production hours, but production servers have been crashing lately due to unauthorized scans performed by junior technicians. Which of the following is the BEST solution to avoid production server downtime due to these types of scans?

Options are :

  • Transition from centralized to agent-based scans.
  • Require vulnerability scans be performed by trained personnel. (Correct)
  • Configure daily-automated detailed vulnerability reports.
  • Implement sandboxing to analyze the results of each scan.
  • Scan only as required for regulatory compliance.

Answer : Require vulnerability scans be performed by trained personnel.

A company that is hiring a penetration tester wants to exclude social engineering from the list of authorized activities. Which of the following documents should include these details?

Options are :

  • Service level agreement
  • Rules of engagement (Correct)
  • Acceptable use policy
  • Master service agreement
  • Memorandum of understanding

Answer : Rules of engagement

A cybersecurity analyst traced the source of an attack to compromised user credentials. Log analysis revealed that the attacker successfully authenticated from an unauthorized foreign country. Management asked the security analyst to research and implement a solution to help mitigate attacks based on compromised passwords. Which of the following should the analyst implement?

Options are :

  • Context-based authentication (Correct)
  • Single sign-on
  • Self-service password reset
  • Password complexity

Answer : Context-based authentication

A security administrator determines several months after the first instance that a local privileged user has been routinely logging into a server interactively as root and browsing the Internet. The administrator determines this by performing an annual review of the security logs on that server. For which of the following security architecture areas should the administrator recommend review and modification? (Select TWO).

Options are :

  • Password complexity
  • Acceptable use policies (Correct)
  • Software assurance
  • Log aggregation and analysis (Correct)
  • Encryption
  • Network isolation and separation

Answer : Acceptable use policies; Log aggregation and analysis