CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 11

An analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures. Management directed the security team to have personnel update the scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome is unchanged. Which of the following is the BEST logical control to address the failure?


Options are :

  • Manually validate that the existing update is being performed.
  • Configure vulnerability scans to run in credentialed mode.
  • Configure a script to automatically update the scanning tool. (Correct)
  • Test vulnerability remediation in a sandbox before deploying.

Answer : Configure a script to automatically update the scanning tool.

A staff member reported that a laptop has degraded performance. The security analyst has investigated the issue and discovered that CPU utilization, memory utilization, and outbound network traffic are consuming the laptop resources. Which of the following is the BEST course of action to resolve the problem?


Options are :

  • Identify and remove malicious processes. (Correct)
  • Ensure the laptop OS is properly patched.
  • Disable scheduled tasks.
  • Increase laptop memory.
  • Suspend virus scan.

Answer : Identify and remove malicious processes.

The new Chief Technology Officer (CTO) is seeking recommendations for network monitoring services for the local intranet. The CTO would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content. Which of the following recommendations would meet the needs of the organization?


Options are :

  • Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router. (Correct)
  • Recommend installation of an IDS on the internal interface and a firewall on the external interface of the gateway router.
  • Recommend installation of an IPS on both the internal and external interfaces of the gateway router.
  • Recommend setup of IP filtering on both the internal and external interfaces of the gateway router.

Answer : Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router.

Which of the following systems would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect forward secrecy?


Options are :

  • Endpoints
  • Layer 2 switches
  • VPN concentrators (Correct)
  • Virtual hosts
  • SIEM

Answer : VPN concentrators

An insurance company employs quick-response team drivers that carry corporate-issued mobile devices with the insurance company's app installed on them. Devices are configuration-hardened by an MDM and kept up to date. The employees use the app to collect insurance claim information and process payments. Recently, a number of customers have filed complaints of credit card fraud against the insurance company, which occurred shortly after their payments were processed via the mobile app. The cyber-incident response team has been asked to investigate. Which of the following is MOST likely the cause?


Options are :

  • USB tethering is enabled.
  • The app does not employ TLS. (Correct)
  • The MDM server is misconfigured.
  • 3G and less secure cellular technologies are not restricted.

Answer : The app does not employ TLS.

A project lead is reviewing the statement of work for an upcoming project that is focused on identifying potential weaknesses in the organization's internal and external network infrastructure. As part of the project, a team of external contractors will attempt to employ various attacks against the organization. The statement of work specifically addresses the utilization of an automated tool to probe network resources in an attempt to develop logical diagrams indicating weaknesses in the infrastructure. The scope of activity as described in the statement of work is an example of:


Options are :

  • friendly DoS
  • vulnerability scanning
  • penetration testing (Correct)
  • social engineering
  • session hijacking

Answer : penetration testing

Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Select TWO).


Options are :

  • To mitigate unintended impacts to operations (Correct)
  • To determine frequency of team communication and reporting
  • To schedule personnel resources required for test activities (Correct)
  • To ensure tests have measurable impact to operations
  • To avoid conflicts with real intrusions that may occur

Answer : To mitigate unintended impacts to operations; To schedule personnel resources required for test activities

The security configuration management policy states that all patches must undergo testing procedures before being moved into production. The security analyst notices a single web application server has been downloading and applying patches during non-business hours without testing. There are no apparent adverse reactions, server functionality does not seem to be affected, and no malware was found after a scan. Which of the following actions should the analyst take?


Options are :

  • Monitor the web application for service interruptions caused from the patching.
  • Monitor the web application service for abnormal bandwidth consumption.
  • Reschedule the automated patching to occur during business hours.
  • Create an incident ticket for anomalous activity. (Correct)

Answer : Create an incident ticket for anomalous activity.

A security analyst is performing ongoing scanning and continuous monitoring of the corporate datacenter. Over time, these scans are repeatedly showing susceptibility to the same vulnerabilities and an increase in new vulnerabilities on a specific group of servers that are clustered to run the same application. Which of the following vulnerability management processes should be implemented?


Options are :

  • Regular patch application (Correct)
  • Automated report generation
  • Frequent server scanning
  • Group policy modification

Answer : Regular patch application

A security analyst has just completed a vulnerability scan of servers that support a business-critical application that is managed by an outside vendor. The results of the scan indicate the devices are missing critical patches. Which of the following factors can inhibit remediation of these vulnerabilities? (Choose two.)


Options are :

  • Inappropriate data classifications
  • SLAs with the supporting vendor
  • Required sandbox testing (Correct)
  • Incomplete asset inventory
  • Business process interruption (Correct)

Answer : Required sandbox testing; Business process interruption

A cybersecurity analyst was asked to discover the hardware address of 30 networked assets. From a command line, which of the following tools would be used to provide ARP scanning and reflects the MOST efficient method for accomplishing the task?


Options are :

  • ping a
  • nmap (Correct)
  • nslookup
  • tracert

Answer : nmap

While reviewing three months of logs, a security analyst notices probes from random company laptops going to SCADA equipment at the company's manufacturing location. Some of the probes are getting responses from the equipment even though firewall rules are in place, which should block this type of unauthorized activity. Which of the following should the analyst recommend to keep this activity from originating from company laptops?


Options are :

  • Update the firewall rules to block SCADA network access from those laptop IP addresses.
  • Install security software and a host-based firewall on the SCADA equipment.
  • Require connections to the SCADA network to go through a forwarding proxy.
  • Implement a group policy on company systems to block access to SCADA networks. (Correct)

Answer : Implement a group policy on company systems to block access to SCADA networks.

A company decides to move three of its business applications to different outsourced cloud providers. After moving the applications, the users report the applications time out too quickly and too much time is spent logging back into the different web-based applications throughout the day. Which of the following should a security architect recommend to improve the end-user experience without lowering the security posture?


Options are :

  • Configure a web browser to cache the user credentials.
  • Configure directory services with a federation provider to manage accounts.
  • Configure user accounts for self-service account management.
  • Create a group policy to extend the default system lockout period. (Correct)

Answer : Create a group policy to extend the default system lockout period.

A company has implemented WPA2, a 20-character minimum for the WiFi passphrase, and a new WiFi passphrase every 30 days, and has disabled SSID broadcast on all wireless access points. Which of the following is the company trying to mitigate?


Options are :

  • Downgrade attacks (Correct)
  • Forced deauthentication
  • Rainbow tables
  • SSL pinning

Answer : Downgrade attacks

An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure functions. Which of the following technologies meet the compatibility requirement? (Select three.)


Options are :

  • PKCS (Correct)
  • 3DES
  • AES (Correct)
  • PGP
  • IDEA
  • SSL/TLS (Correct)

Answer : PKCS; AES; SSL/TLS

An analyst was testing the latest version of an internally developed CRM system. The analyst created a basic user account. Using a few tools in Kali's latest distribution, the analyst was able to access configuration files, change permissions on folders and groups, and delete and create new system objects. Which of the following techniques did the analyst use to perform these unauthorized activities?


Options are :

  • Impersonation
  • Input injection
  • Privilege escalation
  • Directory traversal (Correct)

Answer : Directory traversal

Which of the following policies BEST explains the purpose of a data ownership policy?


Options are :

  • The policy should document practices that users must adhere to in order to access data on the corporate network or Internet.
  • The policy should establish the protocol for retaining information types based on regulatory or business needs.
  • The policy should outline the organization's administration of accounts for authorized users to access the appropriate data. (Correct)
  • The policy should describe the roles and responsibilities between users and managers, and the management of specific data types.

Answer : The policy should outline the organization's administration of accounts for authorized users to access the appropriate data.

Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Select two.)


Options are :

  • COBIT
  • ISO 27000 series
  • ITIL (Correct)
  • NIST (Correct)
  • OWASP

Answer : ITIL; NIST

A systems administrator is trying to secure a critical system. The administrator has placed the system behind a firewall, enabled strong authentication, and required all administrators of this system to attend mandatory training. Which of the following BEST describes the control being implemented?


Options are :

  • Multifactor authentication
  • Access control
  • Audit remediation
  • Defense in depth (Correct)

Answer : Defense in depth

A cybersecurity analyst has identified a new mission-essential function that utilizes a public cloud-based system. The analyst needs to classify the information processed by the system with respect to CIA. Which of the following should provide the CIA classification for the information?


Options are :

  • The cloud provider
  • The cybersecurity analyst
  • The system administrator
  • The data owner (Correct)

Answer : The data owner

Which of the following principles describes how a security analyst should communicate during an incident?


Options are :

  • The communication should be limited to trusted parties only. (Correct)
  • The communication should be limited to security staff only.
  • The communication should be limited to management only.
  • The communication should come from law enforcement.

Answer : The communication should be limited to trusted parties only.

A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters. Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?


Options are :

  • Altering the password policy
  • Creating new account management procedures
  • A compensating control
  • Encrypting authentication traffic (Correct)

Answer : Encrypting authentication traffic

During an investigation, a computer is being seized. Which of the following is the FIRST step the analyst should take?


Options are :

  • Unplug the network cable and take screenshots of the desktop.
  • Power off the computer and remove it from the network. (Correct)
  • Initiate chain-of-custody documentation.
  • Perform a physical hard disk image.

Answer : Power off the computer and remove it from the network.

An alert has been distributed throughout the information security community regarding a critical Apache vulnerability. Which of the following courses of action would ONLY identify the known vulnerability?


Options are :

  • Perform a scan for the specific vulnerability on all web servers. (Correct)
  • Perform an unauthenticated vulnerability scan on all servers in the environment.
  • Perform a web vulnerability scan on all servers in the environment.
  • Perform an authenticated scan on all web servers in the environment.

Answer : Perform a scan for the specific vulnerability on all web servers.

A security administrator has uncovered a covert channel used to exfiltrate confidential data from an internal database server through a compromised corporate web server. Ongoing exfiltration is accomplished by embedding a small amount of data extracted from the database into the metadata of images served by the web server. File timestamps suggest that the server was initially compromised six months ago using a common server misconfiguration. Which of the following BEST describes the type of threat being used?


Options are :

  • Man-in-the-middle attack
  • APT (Correct)
  • Zero-day attack
  • XSS

Answer : APT

A company allows employees to work remotely. The security administration is configuring services that will allow remote help desk personnel to work securely outside the company's headquarters. Which of the following presents the BEST solution to meet this goal?


Options are :

  • Open port 3389 on the firewall to the server to allow users to connect remotely.
  • Set up a jump box for all help desk personnel to remotely access system resources.
  • Use the company's existing web server for remote access and configure over port 8080.
  • Configure a VPN concentrator to terminate in the DMZ to allow help desk personnel access to resources. (Correct)

Answer : Configure a VPN concentrator to terminate in the DMZ to allow help desk personnel access to resources.

An analyst is observing unusual network traffic from a workstation. The workstation is communicating with a known malicious site over an encrypted tunnel. A full antivirus scan with an updated antivirus signature file does not show any sign of infection. Which of the following has occurred on the workstation?


Options are :

  • Zero-day attack (Correct)
  • Cookie stealing
  • Known malware attack
  • Session hijack

Answer : Zero-day attack

A company has several internal-only, web-based applications on the internal network. Remote employees are allowed to connect to the internal corporate network with a company-supplied VPN client. During a project to upgrade the internal application, contractors were hired to work on a database server and were given copies of the VPN client so they could work remotely. A week later, a security analyst discovered an internal web server had been compromised by malware that originated from one of the contractors' laptops. Which of the following changes should be made to BEST counter the threat presented in this scenario?


Options are :

  • Deploy a web application firewall in the DMZ to stop Internet-based attacks on the web server.
  • Create a restricted network segment for contractors, and set up a jump box for the contractors to use to access internal resources.
  • Deploy an application layer firewall with network access control lists at the perimeter, and then create alerts for suspicious Layer 7 traffic.
  • Require the contractors to bring their laptops on site when accessing the internal network instead of using the VPN from a remote location.
  • Implement NAC to check for updated anti-malware signatures and location-based rules for PCs connecting to the internal network. (Correct)

Answer : Implement NAC to check for updated anti-malware signatures and location-based rules for PCs connecting to the internal network.

A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application's task. Which of the following is the security administrator practicing in this example?


Options are :

  • Port security
  • Implicit deny
  • Access control lists (Correct)
  • Explicit deny

Answer : Access control lists

The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which to base the security program. The CISO would like to achieve a certification showing the security program meets all required best practices. Which of the following would be the BEST choice?


Options are :

  • OSSIM
  • SDLC
  • ISO (Correct)
  • SANS

Answer : ISO