CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 4

A security analyst wants to scan the network for active hosts. Which of the following host characteristics help to differentiate between a virtual and physical host?


Options are :

  • Host IPs
  • Reserved MACs (Correct)
  • DNS routing tables
  • Gateway settings

Answer : Reserved MACs

An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?


Options are :

  • Any items labeled low are considered informational only. (Correct)
  • Reports show the scanner compliance plug-in is out-of-date.
  • HTTPS entries indicate the web page is encrypted securely.
  • The scan result version is different from the automated asset inventory.

Answer : Any items labeled low are considered informational only.

A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed some network connections utilizing SSL on non-common ports, copies of svchost.exe and cmd.exe in the %TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?


Options are :

  • Ransomware
  • DDoS
  • Software vulnerability
  • APT (Correct)

Answer : APT

A recent vulnerability scan found four vulnerabilities on an organization's public Internet-facing IP addresses. Prioritizing in order to reduce the risk of a breach to the organization, which of the following should be remediated FIRST?


Options are :

  • A cipher that is known to be cryptographically weak.
  • A website using a self-signed SSL certificate.
  • A buffer overflow that allows remote code execution. (Correct)
  • An HTTP response that reveals an internal IP address.

Answer : A buffer overflow that allows remote code execution.

Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Select TWO).


Options are :

  • To mitigate unintended impacts to operations (Correct)
  • To schedule personnel resources required for test activities (Correct)
  • To ensure tests have measurable impact to operations
  • To avoid conflicts with real intrusions that may occur
  • To determine frequency of team communication and reporting

Answer : To mitigate unintended impacts to operations; To schedule personnel resources required for test activities

A threat intelligence analyst who works for a technology firm received this report from a vendor: "There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is R&D data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector." Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?


Options are :

  • Ransomware and encryption
  • APT and behavioral analysis (Correct)
  • Insider threat and indicator analysis
  • Polymorphic malware and secure code analysis

Answer : APT and behavioral analysis

Given the following output from a Linux machine:

file2cable -i eth0 -f file.pcap

Which of the following BEST describes what a security analyst is trying to accomplish?


Options are :

  • The analyst is attempting to capture traffic on interface eth0.
  • The analyst is attempting to use a protocol analyzer to monitor network traffic. (Correct)
  • The analyst is attempting to capture traffic for a PCAP file.
  • The analyst is attempting to measure bandwidth utilization on interface eth0.
  • The analyst is attempting to replay captured data from a PCAP file.

Answer : The analyst is attempting to use a protocol analyzer to monitor network traffic.

A security analyst is performing a review of Active Directory and discovers two new user accounts in the accounting department. Neither of the users has elevated permissions, but accounts in the group are given access to the company's sensitive financial management application by default. Which of the following is the BEST course of action?


Options are :

  • Disable the user accounts
  • Monitor the outbound traffic from the application for signs of data exfiltration
  • Remove the accounts' access privileges to the sensitive application
  • Follow the incident response plan for the introduction of new accounts
  • Confirm the accounts are valid and ensure role-based permissions are appropriate (Correct)

Answer : Confirm the accounts are valid and ensure role-based permissions are appropriate

External users are reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices would have helped prevent this issue?


Options are :

  • Stress testing (Correct)
  • Input validation
  • Fuzzing
  • Regression testing

Answer : Stress testing

A malicious user is reviewing the following output:

root:~# ping 192.168.1.137
64 bytes from 192.168.2.1 icmp_seq=1 ttl=63 time=1.58 ms
64 bytes from 192.168.2.1 icmp_seq=2 ttl=63 time=1.45 ms
root:~#

Based on the above output, which of the following is the device between the malicious user and the target?


Options are :

  • Hub
  • Access point
  • Switch
  • Proxy (Correct)

Answer : Proxy

Company A permits visiting business partners from Company B to utilize Ethernet ports available in Company A's conference rooms. This access is provided to allow partners the ability to establish VPNs back to Company B's network. The security architect for Company A wants to ensure partners from Company B are able to gain direct Internet access from available ports only, while Company A employees can gain access to the Company A internal network from those same ports. Which of the following can be employed to allow this?


Options are :

  • SAML
  • ACL
  • MAC
  • NAC (Correct)
  • SIEM

Answer : NAC

Which of the following actions should occur to address any open issues while closing an incident involving various departments within the network?


Options are :

  • Incident response plan
  • Lessons learned report (Correct)
  • Chain of custody documentation
  • Reverse engineering process

Answer : Lessons learned report

A technician is running an intensive vulnerability scan to detect which ports are open to exploit. During the scan, several network services are disabled and production is affected. Which of the following sources would be used to evaluate which network service was interrupted?


Options are :

  • Firewall logs
  • NIDS
  • Network mapping
  • Syslog (Correct)

Answer : Syslog

A cybersecurity analyst has identified a new mission-essential function that utilizes a public cloud-based system. The analyst needs to classify the information processed by the system with respect to CIA. Which of the following should provide the CIA classification for the information?


Options are :

  • The cybersecurity analyst
  • The data owner (Correct)
  • The system administrator
  • The cloud provider

Answer : The data owner

An analyst was testing the latest version of an internally developed CRM system. The analyst created a basic user account. Using a few tools in Kali's latest distribution, the analyst was able to access configuration files, change permissions on folders and groups, and delete and create new system objects. Which of the following techniques did the analyst use to perform these unauthorized activities?


Options are :

  • Privilege escalation
  • Input injection
  • Impersonation
  • Directory traversal (Correct)

Answer : Directory traversal

An analyst is observing unusual network traffic from a workstation. The workstation is communicating with a known malicious site over an encrypted tunnel. A full antivirus scan with an updated antivirus signature file does not show any sign of infection. Which of the following has occurred on the workstation?


Options are :

  • Known malware attack
  • Cookie stealing
  • Session hijack
  • Zero-day attack (Correct)

Answer : Zero-day attack

A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters. Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?


Options are :

  • Encrypting authentication traffic (Correct)
  • Altering the password policy
  • Creating new account management procedures
  • A compensating control

Answer : Encrypting authentication traffic

Various devices are connecting and authenticating to a single evil twin within the network. Which of the following are MOST likely being targeted?


Options are :

  • Mobile devices (Correct)
  • Wired SCADA devices
  • Network infrastructure
  • VPNs
  • All endpoints

Answer : Mobile devices

A security administrator determines several months after the first instance that a local privileged user has been routinely logging into a server interactively as root and browsing the Internet. The administrator determines this by performing an annual review of the security logs on that server. For which of the following security architecture areas should the administrator recommend review and modification? (Select TWO).


Options are :

  • Log aggregation and analysis (Correct)
  • Network isolation and separation
  • Encryption
  • Acceptable use policies (Correct)
  • Software assurance
  • Password complexity

Answer : Log aggregation and analysis; Acceptable use policies

An HR employee began having issues with a device becoming unresponsive after attempting to open an email attachment. When informed, the security analyst became suspicious of the situation, even though there was not any unusual behavior on the IDS or any alerts from the antivirus software. Which of the following BEST describes the type of threat in this situation?


Options are :

  • Packet of death
  • Known virus
  • Zero-day malware (Correct)
  • PII exfiltration

Answer : Zero-day malware

A cybersecurity analyst has received an alert that well-known call home messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?


Options are :

  • Attackers are running reconnaissance on company resources.
  • An outside command and control system is attempting to reach an infected system. (Correct)
  • An insider is trying to exfiltrate information to a remote network.
  • Malware is running on a company system.

Answer : An outside command and control system is attempting to reach an infected system.

An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians. Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO).


Options are :

  • Crime tape
  • Write blockers (Correct)
  • Chain of custody form (Correct)
  • Drive imager
  • Drive adapters
  • Hashing utilities

Answer : Write blockers; Chain of custody form

The new Chief Technology Officer (CTO) is seeking recommendations for network monitoring services for the local intranet. The CTO would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content. Which of the following recommendations would meet the needs of the organization?


Options are :

  • Recommend setup of IP filtering on both the internal and external interfaces of the gateway router.
  • Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router. (Correct)
  • Recommend installation of an IDS on the internal interface and a firewall on the external interface of the gateway router.
  • Recommend installation of an IPS on both the internal and external interfaces of the gateway router.

Answer : Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router.

As part of the SDLC, software developers are testing the security of a new web application by inputting large amounts of random data. Which of the following types of testing is being performed?


Options are :

  • Fuzzing (Correct)
  • Input validation
  • Regression testing
  • Stress testing

Answer : Fuzzing

An investigation showed a worm was introduced from an engineer's laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to company policy and technical controls. Which of the following would be the MOST secure control to implement?


Options are :

  • Utilize a jump box that is only allowed to connect to clients from the management network.
  • Deploy a company-wide approved engineering workstation for management access. (Correct)
  • Implement role-based group policies on the management network for client access.
  • Deploy HIDS on all engineer-provided laptops, and put a new router in the management network.

Answer : Deploy a company-wide approved engineering workstation for management access.

The director of software development is concerned with recent web application security incidents, including the successful breach of a back-end database server. The director would like to work with the security team to implement a standardized way to design, build, and test web applications and the services that support them. Which of the following meets the criteria?


Options are :

  • OWASP (Correct)
  • Ajax
  • SANS
  • PHP

Answer : OWASP
