CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 12

A technician receives an alert indicating an endpoint is beaconing to a suspect dynamic DNS domain. Which of the following countermeasures should be used to BEST protect the network in response to this alert? (Choose two.)


Options are :

  • Set up a sinkhole for that dynamic DNS domain to prevent communication. (Correct)
  • Implement an internal honeypot to catch the malicious traffic and trace it.
  • Ensure the IDS is active on the network segment where the endpoint resides.
  • Isolate the infected endpoint to prevent the potential spread of malicious activity. (Correct)
  • Perform a risk assessment and implement compensating controls.

Answer : Set up a sinkhole for that dynamic DNS domain to prevent communication. Isolate the infected endpoint to prevent the potential spread of malicious activity.

A server contains baseline images that are deployed to sensitive workstations on a regular basis. The images are evaluated once per month for patching and other fixes, but do not change otherwise. Which of the following controls should be put in place to secure the file server and ensure the images are not changed?


Options are :

  • Require the use of two-factor authentication for any administrator or user who needs to connect to the server.
  • Install a honeypot to identify any attacks before the baseline images can be compromised.
  • Install and configure a file integrity monitoring tool on the server and allow updates to the images each month. (Correct)
  • Schedule vulnerability scans of the server at least once per month before the images are updated.

Answer : Install and configure a file integrity monitoring tool on the server and allow updates to the images each month.

A cybersecurity analyst has received an alert that well-known call home messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?


Options are :

  • An outside command and control system is attempting to reach an infected system. (Correct)
  • Malware is running on a company system.
  • An insider is trying to exfiltrate information to a remote network.
  • Attackers are running reconnaissance on company resources.

Answer : An outside command and control system is attempting to reach an infected system.

A list of vulnerabilities has been reported in a company's most recent scan of a server. The security analyst must review the vulnerabilities and decide which ones should be remediated in the next change window and which ones can wait or may not need patching pending further investigation. Which of the following vulnerabilities should the analyst remediate FIRST?


Options are :

  • The analyst should remediate dns (53/tcp) first. The remote BIND 9 DNS server is susceptible to a buffer overflow, which may allow an attacker to gain a shell on this host or disable this server. (Correct)
  • The analyst should remediate ftp (21/tcp) first. An outdated version of FTP is running on this port. If it is not in use, it should be disabled.
  • The analyst should remediate imaps (993/tcp) first. The SSLv2 suite offers five strong ciphers and two weak export class ciphers.
  • The analyst should remediate https (443/tcp) first. This web server is susceptible to banner grabbing and was fingerprinted as Apache/1.3.27-9 on Linux w/ mod_fastcgi.

Answer : The analyst should remediate dns (53/tcp) first. The remote BIND 9 DNS server is susceptible to a buffer overflow, which may allow an attacker to gain a shell on this host or disable this server.

A cybersecurity consultant found common vulnerabilities across the following services used by multiple servers at an organization: VPN, SSH, and HTTPS. Which of the following is the MOST likely reason for the discovered vulnerabilities?


Options are :

  • Weak level of encryption entropy (Correct)
  • Vulnerable version of OpenSSL
  • Leaked PKI private key
  • Common initialization vector
  • Vulnerable implementation of PEAP

Answer : Weak level of encryption entropy

An analyst is preparing for a technical security compliance check on all Apache servers. Which of the following will be the BEST to use?


Options are :

  • Nagios
  • Untidy
  • CIS benchmark (Correct)
  • OWASP
  • Cain & Abel

Answer : CIS benchmark

During a web application vulnerability scan, it was discovered that the application would display inappropriate data after certain key phrases were entered into a web form connected to a SQL database server. Which of the following should be used to reduce the likelihood of this type of attack returning sensitive data?


Options are :

  • Application fuzzing
  • Input validation (Correct)
  • Static code analysis
  • Peer review code

Answer : Input validation

A company has decided to process credit card transactions directly. Which of the following would meet the requirements for scanning this type of data?


Options are :

  • Bi-annually
  • Monthly
  • Quarterly (Correct)
  • Yearly

Answer : Quarterly

A technician is running an intensive vulnerability scan to detect which ports are open to exploit. During the scan, several network services are disabled and production is affected. Which of the following sources would be used to evaluate which network service was interrupted?


Options are :

  • NIDS
  • Syslog (Correct)
  • Firewall logs
  • Network mapping

Answer : Syslog

A company's asset management software has been discovering a weekly increase in non-standard software installed on end users' machines with duplicate license keys. The security analyst wants to know if any of this software is listening on any non-standard ports, such as 6667. Which of the following tools should the analyst recommend to block any command and control traffic?


Options are :

  • Netstat (Correct)
  • IPS
  • NIDS
  • HIDS

Answer : Netstat

A cybersecurity analyst is reviewing the current BYOD security posture. The users must be able to synchronize their calendars, email, and contacts to a smartphone or other personal device. The recommendation must provide the most flexibility to users. Which of the following recommendations would meet both the mobile data protection efforts and the business requirements described in this scenario?


Options are :

  • Implement a wireless network configured for mobile device access and monitored by sensors. (Correct)
  • Deploy a kiosk for synchronizing while using an access list of approved users.
  • Develop a minimum security baseline while restricting the type of data that can be accessed.
  • Implement a single computer configured with USB access and monitored by sensors.

Answer : Implement a wireless network configured for mobile device access and monitored by sensors.

A zero-day crypto-worm is quickly spreading through the internal network on port 25 and exploiting a software vulnerability found within the email servers. Which of the following countermeasures needs to be implemented as soon as possible to mitigate the worm from continuing to spread?


Options are :

  • Patch affected systems.
  • Isolate impacted servers. (Correct)
  • Block all known port/services.
  • Implement a traffic sinkhole.

Answer : Isolate impacted servers.

A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?


Options are :

  • Transitive access
  • Replay
  • Man-in-the-middle (Correct)
  • Spoofing

Answer : Man-in-the-middle

Which of the following remediation strategies are MOST effective in reducing the risk of a network-based compromise of embedded ICS? (Select two.)


Options are :

  • NIDS
  • Disabling unused services (Correct)
  • Segmentation (Correct)
  • Firewalling
  • Patching

Answer : Disabling unused services; Segmentation

A production web server is experiencing performance issues. Upon investigation, new unauthorized applications have been installed and suspicious traffic was sent through an unused port. Endpoint security is not detecting any malware or virus. Which of the following types of threats would this MOST likely be classified as?


Options are :

  • Botnet
  • Zero day
  • Advanced persistent threat (Correct)
  • Buffer overflow vulnerability

Answer : Advanced persistent threat

After analyzing and correlating activity from multiple sensors, the security analyst has determined a group from a high-risk country is responsible for a sophisticated breach of the company network and continuous administration of targeted attacks for the past three months. Until now, the attacks went unnoticed. This is an example of:


Options are :

  • advanced persistent threat. (Correct)
  • privilege escalation.
  • spear phishing.
  • malicious insider threat.

Answer : advanced persistent threat.

An organization wants to harden its web servers. As part of this goal, leadership has directed that vulnerability scans be performed, and the security team should remediate the servers according to industry best practices. The team has already chosen a vulnerability scanner and performed the necessary scans, and now the team needs to prioritize the fixes. Which of the following would help to prioritize the vulnerabilities for remediation in accordance with industry best practices?


Options are :

  • CVSS (Correct)
  • SLA
  • Qualys
  • OpenVAS
  • ITIL

Answer : CVSS

After reading about data breaches at a competing company, senior leaders in an organization have grown increasingly concerned about social engineering attacks. They want to increase awareness among staff regarding this threat, but do not want to use traditional training methods because they regard these methods as ineffective. Which of the following approaches would BEST meet the requirements?


Options are :

  • Classroom training on the dangers of social media followed by a test and gift certificates for any employee getting a perfect score. (Correct)
  • USB drives randomly placed inside and outside the organization that contain a pop-up warning to any users who plug the drive into their computer
  • A poster contest to raise awareness of PII and asking employees to provide examples of data breaches and consequences
  • Simulated phishing emails asking employees to reply to the email with their updated phone number and office location

Answer : Classroom training on the dangers of social media followed by a test and gift certificates for any employee getting a perfect score.

A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the security analyst recommend to add additional security to this device?


Options are :

  • The security analyst should recommend this device be included in regular vulnerability scans.
  • The security analyst should recommend an IDS be placed on the network segment.
  • The security analyst should recommend this device regularly export the web logs to a SIEM system.
  • The security analyst should recommend this device be placed behind a WAF. (Correct)

Answer : The security analyst should recommend this device be placed behind a WAF.

A system administrator recently deployed and verified the installation of a critical patch issued by the company's primary OS vendor. This patch was supposed to remedy a vulnerability that would allow an adversary to remotely execute code from over the network. However, the administrator just ran a vulnerability assessment of networked systems, and each of them still reported having the same vulnerability. Which of the following is the MOST likely explanation for this?


Options are :

  • The administrator did not wait long enough after applying the patch to run the assessment.
  • The patch did not remediate the vulnerability. (Correct)
  • The vulnerability assessment returned false positives.
  • The administrator entered the wrong IP range for the assessment.

Answer : The patch did not remediate the vulnerability.

As part of the SDLC, software developers are testing the security of a new web application by inputting large amounts of random data. Which of the following types of testing is being performed?


Options are :

  • Input validation
  • Stress testing
  • Regression testing
  • Fuzzing (Correct)

Answer : Fuzzing

A cybersecurity analyst has been asked to follow a corporate process that will be used to manage vulnerabilities for an organization. The analyst notices the policy has not been updated in three years. Which of the following should the analyst check to ensure the policy is still accurate?


Options are :

  • Corporate minutes
  • Governing regulations
  • Threat intelligence reports (Correct)
  • Technical constraints

Answer : Threat intelligence reports

Which of the following BEST describes the offensive participants in a tabletop exercise?


Options are :

  • Operations team
  • Security analysts
  • Blue team
  • Red team (Correct)
  • System administrators

Answer : Red team

A system administrator who was using an account with elevated privileges deleted a large amount of log files generated by a virtual hypervisor in order to free up disk space. These log files are needed by the security team to analyze the health of the virtual machines. Which of the following compensating controls would help prevent this from reoccurring? (Select two.)


Options are :

  • Succession planning
  • Job rotation
  • Separation of duties (Correct)
  • Personnel training (Correct)
  • Mandatory vacation

Answer : Separation of duties; Personnel training

Which of the following stakeholders would need to be aware of an e-discovery notice received by the security office about an ongoing case within the manufacturing department?


Options are :

  • Marketing
  • Legal (Correct)
  • Board of trustees
  • Human resources

Answer : Legal

A corporation employs a number of small-form-factor workstations and mobile devices, and an incident response team is therefore required to build a forensics kit with tools to support chip-off analysis. Which of the following tools would BEST meet this requirement?


Options are :

  • JTAG adapters (Correct)
  • Write-blockers
  • ZIF adapters
  • Last-level cache readers

Answer : JTAG adapters

Several users have reported that when attempting to save documents in team folders, the following message is received: "The File Cannot Be Copied or Moved Service Unavailable." Upon further investigation, it is found that the syslog server is not obtaining log events from the file server to which the users are attempting to copy files. Which of the following is the MOST likely scenario causing these issues?


Options are :

  • The network is saturated, causing network congestion (Correct)
  • The file server is experiencing high CPU and memory utilization
  • All the available space on the file server is consumed
  • Malicious processes are running on the file server

Answer : The network is saturated, causing network congestion

A new zero-day vulnerability was discovered within a basic screen capture app, which is used throughout the environment. Two days after discovering the vulnerability, the manufacturer of the software has not announced a remediation or if there will be a fix for this newly discovered vulnerability. The vulnerable application is not uniquely critical, but it is used occasionally by the management and executive management teams. The vulnerability allows remote code execution to gain privileged access to the system. Which of the following is the BEST course of action to mitigate this threat?


Options are :

  • Block the vulnerable application traffic at the firewall and disable the application services on each computer.
  • Remove the application and replace it with a similar non-vulnerable application.
  • Communicate with the end users that the application should not be used until the manufacturer has resolved the vulnerability. (Correct)
  • Work with the manufacturer to determine the time frame for the fix.

Answer : Communicate with the end users that the application should not be used until the manufacturer has resolved the vulnerability.

A threat intelligence analyst who works for an oil and gas company has received the following email from a superior: "We will be connecting our IT network with our ICS. Our IT security has historically been top of the line, and this convergence will make the ICS easier to manage and troubleshoot. Can you please perform a risk/vulnerability assessment on this decision?" Which of the following is MOST accurate regarding ICS in this scenario?


Options are :

  • Integrating increases the attack surface (Correct)
  • IT networks cannot be connected to ICS infrastructure
  • Combined networks decrease efficiency
  • Convergence decreases attack vectors

Answer : Integrating increases the attack surface

A cybersecurity analyst is hired to review the security measures implemented within the domain controllers of a company. Upon review, the cybersecurity analyst notices a brute force attack can be launched against domain controllers that run on a Windows platform. The first remediation step implemented by the cybersecurity analyst is to make the account passwords more complex. Which of the following is the NEXT remediation step the cybersecurity analyst needs to implement?


Options are :

  • Perform more frequent port scanning.
  • Disable the ability to store a LAN manager hash.
  • Deploy a vulnerability scanner tool.
  • Install a different antivirus software.
  • Move administrator accounts to a new security group. (Correct)

Answer : Move administrator accounts to a new security group.