CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 10

Various devices are connecting and authenticating to a single evil twin within the network. Which of the following are MOST likely being targeted?


Options are :

  • All endpoints
  • Mobile devices (Correct)
  • Wired SCADA devices
  • Network infrastructure
  • VPNs

Answer : Mobile devices

Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A's conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B's network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?


Options are :

  • SAML
  • MAC
  • NAC (Correct)
  • SIEM
  • ACL

Answer : NAC

Which of the following commands would a security analyst use to make a copy of an image for forensics use?


Options are :

  • wget
  • dd (Correct)
  • touch
  • rm

Answer : dd

A cybersecurity analyst is hired to review the security posture of a company. The cybersecurity analyst notices a very high network bandwidth consumption due to SYN floods from a small number of IP addresses. Which of the following would be the BEST action to take to support incident response?


Options are :

  • Install a packet capturing tool.
  • Block all SYN packets.
  • Apply ingress filters at the routers. (Correct)
  • Increase the company's bandwidth.

Answer : Apply ingress filters at the routers.

The software development team pushed a new web application into production for the accounting department. Shortly after the application was published, the head of the accounting department informed IT operations that the application was not performing as intended. Which of the following SDLC best practices was missed?


Options are :

  • Regression testing
  • Fuzzing
  • Peer code reviews
  • User acceptance testing (Correct)
  • Static code analysis

Answer : User acceptance testing

An application development company released a new version of its software to the public. A few days after the release, the company is notified by end users that the application is notably slower, and older security bugs have reappeared in the new release. The development team has decided to include the security analyst during their next development cycle to help address the reported issues. Which of the following should the security analyst focus on to remedy the existing reported problems?


Options are :

  • The security analyst should perform application fuzzing to locate application vulnerabilities during each application development cycle.
  • The security analyst should perform secure coding practices during each application development cycle.
  • The security analyst should perform end user acceptance security testing during each application development cycle.
  • The security analyst should perform security regression testing during each application development cycle. (Correct)

Answer : The security analyst should perform security regression testing during each application development cycle.

A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?


Options are :

  • TCP
  • SMTP
  • ARP
  • ICMP (Correct)

Answer : ICMP

While preparing for a third-party audit, the vice president of risk management and the vice president of information technology have stipulated that the vendor may not use offensive software during the audit. This is an example of:


Options are :

  • organizational control.
  • rules of engagement. (Correct)
  • risk appetite
  • service-level agreement.

Answer : rules of engagement.

A cybersecurity professional typed in a URL and discovered the admin panel for the e-commerce application is accessible over the open web with the default password. Which of the following is the MOST secure solution to remediate this vulnerability?


Options are :

  • Change the default password, whitelist specific source IP addresses, and require two-factor authentication.
  • Change the username and default password, whitelist specific source IP addresses, and require two-factor authentication. (Correct)
  • Whitelist all corporate IP blocks, require an alphanumeric passphrase for the default password, and require two-factor authentication.
  • Rename the URL to a more obscure name, whitelist all corporate IP blocks, and require two-factor authentication.

Answer : Change the username and default password, whitelist specific source IP addresses, and require two-factor authentication.

A cybersecurity analyst wants to use ICMP ECHO_REQUEST on a machine while using Nmap. Which of the following is the correct command to accomplish this?


Options are :

  • $ nmap --traceroute 192.168.1.7
  • $ nmap -PO 192.168.1.7
  • $ ping --PE 192.168.1.7
  • $ nmap -PE 192.168.1.7 (Correct)

Answer : $ nmap -PE 192.168.1.7

Which of the following is a technology used to provide Internet access to internal associates without exposing the Internet directly to the associates?


Options are :

  • Fuzzer
  • Vulnerability scanner
  • Intrusion prevention system
  • Web proxy (Correct)

Answer : Web proxy

An organization is requesting the development of a disaster recovery plan. The organization has grown and so has its infrastructure. Documentation, policies, and procedures do not exist. Which of the following steps should be taken to assist in the development of the disaster recovery plan?


Options are :

  • Develop a data retention policy.
  • Conduct a risk assessment.
  • Identify assets. (Correct)
  • Execute vulnerability scanning.

Answer : Identify assets.

Which of the following countermeasures should the security administrator apply to MOST effectively mitigate Bootkit-level infections of the organization's workstation devices?


Options are :

  • Remove local administrator privileges. (Correct)
  • Enforce a system state recovery after each device reboot.
  • Install a secondary virus protection application.
  • Configure a BIOS-level password on the device.

Answer : Remove local administrator privileges.

Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able to detect an attack even though the company's signature-based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw. Which of the following attacks has MOST likely occurred?


Options are :

  • Directory traversal
  • XML injection
  • Cookie stealing
  • Zero-day (Correct)

Answer : Zero-day

After a recent security breach, it was discovered that a developer had promoted code that had been written to the production environment as a hotfix to resolve a user navigation issue that was causing issues for several customers. The code had inadvertently granted administrative privileges to all users, allowing inappropriate access to sensitive data and reports. Which of the following could have prevented this code from being released into the production environment?


Options are :

  • Succession planning
  • Automated reporting
  • Cross training
  • Separation of duties (Correct)

Answer : Separation of duties

During a routine review of firewall logs, an analyst identified that an IP address from the organization's server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between 150 and 500 megabytes of data each time. This had been going on for approximately one week, and the affected server was taken offline for forensic review. Which of the following is MOST likely to drive up the incident's impact assessment?


Options are :

  • PII of company employees and customers was exfiltrated. (Correct)
  • Raw financial information about the company was accessed.
  • Forensic review of the server required fall-back on a less efficient service.
  • The local root password for the affected server was compromised.
  • IP addresses and other network-related configurations were exfiltrated.

Answer : PII of company employees and customers was exfiltrated.

An analyst is troubleshooting a PC that is experiencing high processor and memory consumption. Investigation reveals the following processes are running on the system: lsass.exe, csrss.exe, wordpad.exe, notepad.exe. Which of the following tools should the analyst utilize to determine the rogue process?


Options are :

  • Use Netstat. (Correct)
  • Ping 127.0.0.1.
  • Use Nessus.
  • Use grep to search.

Answer : Use Netstat.

The business has been informed of a suspected breach of customer data. The internal audit team, in conjunction with the legal department, has begun working with the cybersecurity team to validate the report. To which of the following response processes should the business adhere during the investigation?


Options are :

  • The security analysts should limit communication to trusted parties conducting the investigation (Correct)
  • The security analysts should not respond to internal audit requests during an active investigation
  • The security analysts should report the suspected breach to regulators when an incident occurs
  • The security analysts should interview system operators and report their findings to the internal auditors

Answer : The security analysts should limit communication to trusted parties conducting the investigation

A threat intelligence analyst who works for a technology firm received this report from a vendor:

There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is R&D data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector.

Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?


Options are :

  • Ransomware and encryption
  • Polymorphic malware and secure code analysis
  • APT and behavioral analysis (Correct)
  • Insider threat and indicator analysis

Answer : APT and behavioral analysis

There have been several exploits to critical devices within the network. However, there is currently no process to perform vulnerability analysis. Which of the following should the security analyst implement during production hours to identify critical threats and vulnerabilities?


Options are :

  • Daily automated reports of exploited devices
  • Vulnerability scanning frequency that does not interrupt workflow (Correct)
  • Scanning of all types of data regardless of sensitivity levels
  • Asset inventory of all critical devices

Answer : Vulnerability scanning frequency that does not interrupt workflow

A security operations team was alerted to abnormal DNS activity coming from a user's machine. The team performed a forensic investigation and discovered a host had been compromised. Malicious code was using DNS as a tunnel to extract data from the client machine, which had been leaked and transferred to an unsecure public Internet site. Which of the following BEST describes the attack?


Options are :

  • Data exfiltration (Correct)
  • Cache poisoning
  • Phishing
  • Pharming

Answer : Data exfiltration

A logistics company's vulnerability scan identifies the following vulnerabilities on Internet-facing devices in the DMZ:

  • SQL injection on an infrequently used web server that provides files to vendors
  • SSL/TLS not used for a website that contains promotional information

The scan also shows the following vulnerabilities on internal resources:

  • Microsoft Office Remote Code Execution on a test server for a human resources system
  • TLS downgrade vulnerability on a server in a development network

In order of risk, which of the following should be patched FIRST?


Options are :

  • SSL/TLS not used
  • Microsoft Office Remote Code Execution (Correct)
  • TLS downgrade
  • SQL injection

Answer : Microsoft Office Remote Code Execution

A malicious user is reviewing the following output:

root:~# ping 192.168.1.137
64 bytes from 192.168.2.1 icmp_seq=1 ttl=63 time=1.58 ms
64 bytes from 192.168.2.1 icmp_seq=2 ttl=63 time=1.45 ms
root:~#

Based on the above output, which of the following is the device between the malicious user and the target?


Options are :

  • Access point
  • Hub
  • Proxy (Correct)
  • Switch

Answer : Proxy

In reviewing firewall logs, a security analyst has discovered the following IP address, which several employees are using frequently: 152.100.57.18. The organization's servers use IP addresses in the 192.168.0.1/24 CIDR. Additionally, the analyst has noticed that corporate data is being stored at this new location. A few of these employees are on the management and executive management teams. The analyst has also discovered that there is no record of this IP address or service in reviewing the known locations of managing system assets. Which of the following is occurring in this scenario?


Options are :

  • Data exfiltration (Correct)
  • Malicious process
  • Unauthorized change
  • Unauthorized access

Answer : Data exfiltration

A threat intelligence analyst who works for a financial services firm received this report:

There has been an effective waterhole campaign residing at www.bankfinancecompsoftware.com. This domain is delivering ransomware. This ransomware variant has been called LockMaster by researchers due to its ability to overwrite the MBR, but this term is not a malware signature. Please execute a defensive operation regarding this attack vector.

The analyst ran a query and has assessed that this traffic has been seen on the network. Which of the following actions should the analyst do NEXT? (Select TWO).


Options are :

  • Advise the security analysts to add an alert in the SIEM on the string LockMaster
  • Advise the firewall engineer to implement a block on the domain
  • Produce a threat intelligence message to be disseminated to the company
  • Visit the domain and begin a threat assessment (Correct)
  • Format the MBR as a precaution
  • Advise the security architects to enable full-disk encryption to protect the MBR (Correct)

Answer : Visit the domain and begin a threat assessment; Advise the security architects to enable full-disk encryption to protect the MBR

Which of the following is MOST effective for correlation analysis by log for threat management?


Options are :

  • PCAP
  • SCAP
  • SIEM (Correct)
  • IPS

Answer : SIEM

Which of the following commands would a security analyst use to make a copy of an image for forensics use?


Options are :

  • dd (Correct)
  • wget
  • touch
  • rm

Answer : dd

An executive tasked a security analyst to aggregate past logs, traffic, and alerts on a particular attack vector. The analyst was then tasked with analyzing the data and making predictions on future complications regarding this attack vector. Which of the following types of analysis is the security analyst MOST likely conducting?


Options are :

  • Availability analysis
  • Behavior analysis
  • Business analysis
  • Trend analysis (Correct)

Answer : Trend analysis

Which of the following could be directly impacted by an unpatched vulnerability in vSphere ESXi?


Options are :

  • The organization's virtual infrastructure (Correct)
  • The organization's physical routers
  • The organization's mobile devices
  • The organization's VPN

Answer : The organization's virtual infrastructure

A security analyst has discovered that an outbound SFTP process is occurring at the same time of day for the past several days. At the time this was discovered, large amounts of business critical data were delivered. The authentication for this process occurred using a service account with proper credentials. The security analyst investigated the destination IP for this transfer and discovered that this new process is not documented in the change management log. Which of the following would be the BEST course of action for the analyst to take?


Options are :

  • Verify SLA with cloud provider.
  • Investigate a potential incident. (Correct)
  • Verify user permissions.
  • Run a vulnerability scan.

Answer : Investigate a potential incident.
