CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 6

During an investigation, a computer is being seized. Which of the following is the FIRST step the analyst should take?


Options are :

  • Unplug the network cable and take screenshots of the desktop.
  • Initiate chain-of-custody documentation.
  • Perform a physical hard disk image.
  • Power off the computer and remove it from the network. (Correct)

Answer : Power off the computer and remove it from the network.

The director of software development is concerned with recent web application security incidents, including the successful breach of a back-end database server. The director would like to work with the security team to implement a standardized way to design, build, and test web applications and the services that support them. Which of the following meets the criteria?


Options are :

  • PHP
  • Ajax
  • SANS
  • OWASP (Correct)

Answer : OWASP

A reverse engineer was analyzing malware found on a retailer's network and found code extracting track data in memory. Which of the following threats did the engineer MOST likely uncover?


Options are :

  • Rootkit
  • Key logger
  • Ransomware
  • POS malware (Correct)

Answer : POS malware

An alert has been distributed throughout the information security community regarding a critical Apache vulnerability. Which of the following courses of action would ONLY identify the known vulnerability?


Options are :

  • Perform a scan for the specific vulnerability on all web servers. (Correct)
  • Perform a web vulnerability scan on all servers in the environment.
  • Perform an unauthenticated vulnerability scan on all servers in the environment.
  • Perform an authenticated scan on all web servers in the environment.

Answer : Perform a scan for the specific vulnerability on all web servers.

A security analyst has noticed that a particular server has consumed over 1TB of bandwidth over the course of the month. It has port 3333 open; however, there have not been any alerts or notices regarding the server or its activities. Which of the following did the analyst discover?


Options are :

  • DDoS
  • False positive
  • APT
  • Zero day (Correct)

Answer : Zero day

During which of the following NIST Risk Management Framework steps would an information system security engineer identify inherited security controls and tailor those controls to the system?


Options are :

  • Implement
  • Assess
  • Select (Correct)
  • Categorize

Answer : Select

A penetration tester is preparing for an audit of critical systems that may impact the security of the environment. This includes the external perimeter and the internal perimeter of the environment. During which of the following processes is this type of information normally gathered?


Options are :

  • Authorization
  • Timing
  • Enumeration
  • Scoping (Correct)

Answer : Scoping

A technician receives a report that a user's workstation is experiencing no network connectivity. The technician investigates and notices the patch cable running to the back of the user's VoIP phone is routed directly under the rolling chair and has been smashed flat over time. Which of the following is the most likely cause of this issue?


Options are :

  • Excessive collisions (Correct)
  • Split pairs
  • Electromagnetic interference
  • Cross-talk

Answer : Excessive collisions

A security analyst has discovered that an outbound SFTP process has been occurring at the same time of day for the past several days. At the time this was discovered, large amounts of business-critical data were being delivered. The authentication for this process occurred using a service account with proper credentials. The security analyst investigated the destination IP for this transfer and discovered that this new process is not documented in the change management log. Which of the following would be the BEST course of action for the analyst to take?


Options are :

  • Run a vulnerability scan.
  • Investigate a potential incident. (Correct)
  • Verify SLA with cloud provider.
  • Verify user permissions.

Answer : Investigate a potential incident.
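
The scenario above is a textbook scheduled-exfiltration pattern: a valid service account, a fixed time of day, a large byte count, and a destination nobody approved. The following is an added example (not part of the exam page) of detection logic that finds such a flow in connection logs. The log format, the hosts, the `svc_backup` account and the `APPROVED_DESTINATIONS` set standing in for the change-management record are all constructed for illustration.

```python
"""Detect a recurring, undocumented outbound SFTP transfer (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Hypothetical log format: one outbound connection record per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) conn src=(?P<src>\S+) dst=(?P<dst>\S+) dport=\d+ proto=sftp "
    r"user=(?P<user>\S+) bytes_out=(?P<bytes>\d+)$"
)

# Constructed sample lines; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
2019-03-04T02:15:03Z conn src=10.20.5.17 dst=203.0.113.44 dport=22 proto=sftp user=svc_backup bytes_out=4821903222
2019-03-04T09:12:41Z conn src=10.20.5.21 dst=198.51.100.9 dport=22 proto=sftp user=jsmith bytes_out=1048576
2019-03-05T02:15:07Z conn src=10.20.5.17 dst=203.0.113.44 dport=22 proto=sftp user=svc_backup bytes_out=5011223344
2019-03-06T02:14:58Z conn src=10.20.5.17 dst=203.0.113.44 dport=22 proto=sftp user=svc_backup bytes_out=4998877665
2019-03-06T02:15:10Z conn src=10.20.5.30 dst=192.0.2.80 dport=22 proto=sftp user=svc_archive bytes_out=3200000000
2019-03-07T02:15:02Z conn src=10.20.5.17 dst=203.0.113.44 dport=22 proto=sftp user=svc_backup bytes_out=5123456789
2019-03-07T02:15:12Z conn src=10.20.5.30 dst=192.0.2.80 dport=22 proto=sftp user=svc_archive bytes_out=3100000000
"""

# Stand-in for the change-management log: destinations with an approved transfer.
APPROVED_DESTINATIONS = {"192.0.2.80"}

MIN_DAYS = 3               # seen on at least this many distinct days
WINDOW_SECONDS = 600       # start times within 10 minutes of each other
MIN_TOTAL_BYTES = 1 << 30  # at least 1 GiB moved in total


def parse(text):
    """Yield (timestamp, src, dst, user, bytes_out) for every matching line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an SFTP connection record
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["src"], m["dst"], m["user"], int(m["bytes"])


def find_scheduled_exfil(text, approved=APPROVED_DESTINATIONS):
    """Return flows that recur at the same time of day, move a lot of data,
    and go to a destination absent from the approved list."""
    flows = defaultdict(list)
    for ts, src, dst, user, nbytes in parse(text):
        flows[(src, dst, user)].append((ts, nbytes))

    findings = []
    for (src, dst, user), events in flows.items():
        days = {ts.date() for ts, _ in events}
        # Seconds since midnight; a window that straddles midnight would need
        # circular arithmetic, which this simple check does not do.
        secs = [ts.hour * 3600 + ts.minute * 60 + ts.second for ts, _ in events]
        total = sum(n for _, n in events)
        recurring = len(days) >= MIN_DAYS and max(secs) - min(secs) <= WINDOW_SECONDS
        if recurring and total >= MIN_TOTAL_BYTES and dst not in approved:
            findings.append({"src": src, "dst": dst, "user": user,
                             "days": len(days), "bytes": total})
    return findings


if __name__ == "__main__":
    for f in find_scheduled_exfil(SAMPLE_LOG):
        print(f"{f['user']} {f['src']} -> {f['dst']} on {f['days']} days, {f['bytes']} bytes")
```

The point of the approved-destination check is the same as the analyst's cross-reference against the change management log: a transfer that is large and regular is not suspicious by itself (backups look exactly like this), it is the absence of a documented change that turns it into a potential incident.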

A nuclear facility manager determined the need to monitor utilization of water within the facility. A startup company just announced a state-of-the-art solution to address the need for integrating the business and ICS network. The solution requires a very small agent to be installed on the ICS equipment. Which of the following is the MOST important security control for the manager to invest in to protect the facility?


Options are :

  • Require that the solution provider make the agent source code available for analysis.
  • Install the agent for a week on a test system and monitor the activities. (Correct)
  • Run a penetration test on the installed agent.
  • Require thorough guides for administrators and users.

Answer : Install the agent for a week on a test system and monitor the activities.

A web application has a newly discovered vulnerability in the authentication method used to validate known company users. The user ID of Admin with a password of "password" grants elevated access to the application over the Internet. Which of the following is the BEST method to discover the vulnerability before a production deployment?


Options are :

  • Stress test the application
  • User acceptance testing
  • Manual peer review (Correct)
  • Input validation

Answer : Manual peer review

A cybersecurity analyst traced the source of an attack to compromised user credentials. Log analysis revealed that the attacker successfully authenticated from an unauthorized foreign country. Management asked the security analyst to research and implement a solution to help mitigate attacks based on compromised passwords. Which of the following should the analyst implement?


Options are :

  • Password complexity
  • Single sign-on
  • Context-based authentication (Correct)
  • Self-service password reset

Answer : Context-based authentication
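
Context-based (risk-based) authentication is the control that catches the attack described above: the password was valid, so only the surrounding context (geography, device, time since the last login) can distinguish the attacker from the user. The following is an added example, not from the exam page, of the decision logic. The country allowlist, the known-device map, the user names and the events are all constructed; "ZZ" is used as a placeholder country code.

```python
"""Context-based authentication decision (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical policy data.
ALLOWED_COUNTRIES = {"US", "CA"}
KNOWN_DEVICES = {"alice": {"dev-a1"}, "bob": {"dev-b1"}}
TRAVEL_WINDOW = timedelta(hours=2)  # country change faster than this is implausible


@dataclass
class AuthEvent:
    user: str
    country: str       # derived from the source IP by the caller
    ts: datetime
    device: str        # device fingerprint or cookie presented by the client
    password_ok: bool  # result of the credential check itself


def score_event(ev, previous):
    """Return (decision, reasons). `previous` is the user's last allowed login or None.

    decision is one of "allow", "step_up" (require MFA) or "deny".
    """
    if not ev.password_ok:
        return "deny", ["bad credentials"]

    reasons = []
    if ev.country not in ALLOWED_COUNTRIES:
        reasons.append(f"country {ev.country} not in allowlist")
    if ev.device not in KNOWN_DEVICES.get(ev.user, set()):
        reasons.append("unrecognised device")
    if previous and previous.country != ev.country and ev.ts - previous.ts < TRAVEL_WINDOW:
        reasons.append("country change within travel window of last login")

    # A disallowed country is a hard stop even with a correct password; other
    # anomalies escalate to a second factor rather than blocking outright.
    if any("allowlist" in r for r in reasons):
        return "deny", reasons
    if reasons:
        return "step_up", reasons
    return "allow", reasons


def evaluate(events):
    """Process events in time order, tracking each user's last allowed login."""
    last_ok = {}
    results = []
    for ev in sorted(events, key=lambda e: e.ts):
        decision, reasons = score_event(ev, last_ok.get(ev.user))
        results.append((ev.user, decision, reasons))
        if decision == "allow":
            last_ok[ev.user] = ev
    return results


# Constructed sample events.
SAMPLE_EVENTS = [
    AuthEvent("alice", "US", datetime(2019, 5, 6, 9, 0), "dev-a1", True),
    AuthEvent("alice", "ZZ", datetime(2019, 5, 6, 9, 30), "dev-x9", True),   # valid password, wrong context
    AuthEvent("bob", "CA", datetime(2019, 5, 6, 10, 0), "dev-new", True),
    AuthEvent("bob", "CA", datetime(2019, 5, 6, 10, 5), "dev-b1", False),
]

if __name__ == "__main__":
    for user, decision, reasons in evaluate(SAMPLE_EVENTS):
        print(f"{user}: {decision} {reasons}")
```

The second alice event is the exam scenario: correct password, but a disallowed country, an unknown device and an impossible trip since the last login. Password complexity would not have stopped it, because the password was not guessed, it was stolen.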

A company has recently launched a new billing invoice website for a few key vendors. The cybersecurity analyst is receiving calls that the website is performing slowly and the pages sometimes time out. The analyst notices the website is receiving millions of requests, causing the service to become unavailable. Which of the following can be implemented to maintain the availability of the website?


Options are :

  • DMZ
  • Honeypot
  • VPN
  • MAC filtering
  • Whitelisting (Correct)

Answer : Whitelisting

Creating an isolated environment in order to test and observe the behavior of unknown software is also known as:


Options are :

  • hashing
  • hardening
  • sniffing
  • sandboxing (Correct)

Answer : sandboxing

A security analyst wants to scan the network for active hosts. Which of the following host characteristics help to differentiate between a virtual and physical host?


Options are :

  • Reserved MACs (Correct)
  • Gateway settings
  • DNS routing tables
  • Host IPs

Answer : Reserved MACs
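
Hypervisors hand out MAC addresses from OUIs registered to the virtualization vendor, which is what makes the "reserved MACs" answer work. The following is an added example, not from the exam page, that classifies hosts from a discovery sweep by their OUI. The host lines and the "<ip> <mac>" format are constructed; the OUI table lists well-known vendor prefixes.

```python
"""Classify discovered hosts as virtual or physical from their MAC OUI (added example)."""
import re

# OUI (first three octets) -> hypervisor / virtual NIC vendor.
VM_OUIS = {
    "00:50:56": "VMware", "00:0c:29": "VMware", "00:05:69": "VMware", "00:1c:14": "VMware",
    "08:00:27": "VirtualBox",
    "00:15:5d": "Hyper-V",
    "00:16:3e": "Xen",
    "52:54:00": "QEMU/KVM",
    "00:1c:42": "Parallels",
}

# Constructed scan output in a hypothetical "<ip> <mac>" format, mixing the
# colon, dash and Cisco dotted notations a real tool might emit.
SAMPLE_HOSTS = """\
10.0.0.11 00:0C:29:4A:1B:77
10.0.0.12 08-00-27-99-AA-01
10.0.0.13 3c5a.b7de.10f0
10.0.0.14 02:42:ac:11:00:02
10.0.0.15 00:16:3e:01:02:03
"""


def normalize_mac(mac):
    """Return the address as lowercase colon-separated octets, whatever the input notation."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify_mac(mac):
    """Return (kind, detail) where kind is "virtual", "physical" or "unknown"."""
    m = normalize_mac(mac)
    oui = m[:8]
    if oui in VM_OUIS:
        return ("virtual", VM_OUIS[oui])
    # Bit 1 of the first octet marks a locally administered address: assigned
    # by software rather than burned in, so it could be a container, a VM with
    # a custom MAC, or a randomised client address. Not enough to call it virtual.
    if int(m[:2], 16) & 0x02:
        return ("unknown", "locally administered address")
    return ("physical", "vendor-assigned OUI, not a known hypervisor")


def classify_hosts(text):
    """Map each IP in the scan output to its classification."""
    result = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, mac = line.split()
        result[ip] = classify_mac(mac)
    return result


if __name__ == "__main__":
    for ip, (kind, detail) in classify_hosts(SAMPLE_HOSTS).items():
        print(f"{ip:<12} {kind:<9} {detail}")
```

This is a heuristic, not proof: an administrator can set any MAC on a virtual NIC, and a VM with a passed-through physical adapter reports the adapter vendor's OUI. Treat a hypervisor OUI as strong evidence and an unfamiliar OUI as inconclusive.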

A security audit revealed that port 389 has been used instead of 636 when connecting to LDAP for the authentication of users. The remediation recommended by the audit was to switch the port to 636 wherever technically possible. Which of the following is the BEST response?


Options are :

  • Correct the audit. This finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.
  • Correct the audit. This finding is a well-known false positive, the services that typically run on 389 and 636 are identical.
  • Change all devices and servers that support it to 636, as 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.
  • Change all devices and servers that support it to 636, as encrypted services run by default on 636. (Correct)

Answer : Change all devices and servers that support it to 636, as encrypted services run by default on 636.
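
One caveat a practitioner would add to the answer above: port 389 is not automatically plaintext. A client can negotiate STARTTLS on 389 and end up just as encrypted as LDAPS on 636; the real finding is a simple bind with no TLS at all. The following is an added example, not from the exam page, that audits a client inventory for exactly that. The inventory format, host names and `starttls` flag are hypothetical.

```python
"""Audit LDAP client bind settings for plaintext credential exposure (added example)."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed inventory: where each client binds and whether it negotiates
# STARTTLS on a plain ldap:// connection. Hosts and settings are hypothetical.
SAMPLE_INVENTORY = [
    {"client": "web01", "uri": "ldap://dc1.corp.example:389", "starttls": False},
    {"client": "vpn01", "uri": "ldap://dc1.corp.example", "starttls": True},
    {"client": "app02", "uri": "ldaps://dc1.corp.example", "starttls": False},
    {"client": "hr03", "uri": "ldaps://dc1.corp.example:636", "starttls": False},
]


def assess_binding(entry):
    """Return (severity, finding, remediation) for one client's LDAP configuration."""
    parts = urlsplit(entry["uri"])
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"{entry['client']}: unsupported scheme {parts.scheme!r}")
    port = parts.port or DEFAULT_PORTS[scheme]

    if scheme == "ldaps":
        # TLS from the first byte; still requires the client to validate the server certificate.
        return ("info", f"LDAPS on {port}", "verify the client checks the server certificate")

    if entry.get("starttls"):
        # Encrypted once negotiated, but a client that tolerates a failed
        # negotiation can be downgraded by an attacker who strips STARTTLS.
        return ("low", f"ldap:// on {port} with STARTTLS",
                "configure the client to fail closed if STARTTLS is refused")

    return ("high", f"ldap:// on {port} without STARTTLS: simple binds send the password in the clear",
            f"switch to ldaps://{parts.hostname}:636 or enable STARTTLS")


def audit(inventory):
    """Map client name -> (severity, finding, remediation)."""
    return {e["client"]: assess_binding(e) for e in inventory}


def plaintext_clients(inventory):
    """Names of clients whose binds are unprotected; the list the audit should produce."""
    return sorted(name for name, (sev, _, _) in audit(inventory).items() if sev == "high")


if __name__ == "__main__":
    for name, (sev, finding, fix) in audit(SAMPLE_INVENTORY).items():
        print(f"{name:<6} {sev:<5} {finding} -> {fix}")
```

The exam's option about 389 being "a reserved port that requires root access" confuses two things: binding a listener to a port below 1024 needs privilege on the server, but connecting to one does not, and neither has anything to do with whether the bind is encrypted.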

A cybersecurity analyst has identified a new mission-essential function that utilizes a public cloud-based system. The analyst needs to classify the information processed by the system with respect to CIA. Which of the following should provide the CIA classification for the information?


Options are :

  • The data owner (Correct)
  • The system administrator
  • The cloud provider
  • The cybersecurity analyst

Answer : The data owner

An incident response report indicates a virus was introduced through a remote host that was connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?


Options are :

  • ACL
  • NAC (Correct)
  • TAP
  • MAC

Answer : NAC

A university wants to increase the security posture of its network by implementing vulnerability scans of both centrally managed and student/employee laptops. The solution should be able to scale, provide minimum false positives and high accuracy of results, and be centrally managed through an enterprise console. Which of the following scanning topologies is BEST suited for this environment?


Options are :

  • An active scanning engine installed on the enterprise console (Correct)
  • A combination of cloud-based and server-based scanning engines
  • A passive scanning engine located at the core of the network infrastructure
  • A combination of server-based and agent-based scanning engines

Answer : An active scanning engine installed on the enterprise console

A threat intelligence feed has posted an alert stating there is a critical vulnerability in the kernel. Unfortunately, the company's asset inventory is not current. Which of the following techniques would a cybersecurity analyst perform to find all affected servers within an organization?


Options are :

  • A manual log review from data sent to syslog
  • A packet capture of data traversing the server network
  • An OS fingerprinting scan across all hosts (Correct)
  • A service discovery scan on the network

Answer : An OS fingerprinting scan across all hosts

A recent vulnerability scan found four vulnerabilities on an organization's public Internet-facing IP addresses. Prioritizing in order to reduce the risk of a breach to the organization, which of the following should be remediated FIRST?


Options are :

  • A website using a self-signed SSL certificate.
  • A cipher that is known to be cryptographically weak.
  • An HTTP response that reveals an internal IP address.
  • A buffer overflow that allows remote code execution. (Correct)

Answer : A buffer overflow that allows remote code execution.

A system administrator recently deployed and verified the installation of a critical patch issued by the company's primary OS vendor. This patch was supposed to remedy a vulnerability that would allow an adversary to remotely execute code from over the network. However, the administrator just ran a vulnerability assessment of networked systems, and each of them still reported having the same vulnerability. Which of the following is the MOST likely explanation for this?


Options are :

  • The patch did not remediate the vulnerability. (Correct)
  • The administrator did not wait long enough after applying the patch to run the assessment.
  • The vulnerability assessment returned false positives.
  • The administrator entered the wrong IP range for the assessment.

Answer : The patch did not remediate the vulnerability.

A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Select two.)


Options are :

  • Prototyping phase (Correct)
  • Static code analysis
  • Requirements phase
  • Fuzzing (Correct)
  • Behavior modeling
  • Planning phase

Answer : Prototyping phase Fuzzing
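
The capability described above, feeding generated inputs to a program and watching for failures, is small enough to show end to end. The following is an added example, not from the exam page: a mutation fuzzer run against a deliberately buggy length-prefixed record parser, then against a bounds-checked version of the same parser. The record format, the parser and the seeds are all constructed for this illustration.

```python
"""Mutation fuzzing of a record parser (added example)."""
import random


def parse_records(data):
    """Parse: u16 big-endian count, then `count` entries of [u8 length][payload].

    The documented error path is ValueError. It trusts `count` and each
    `length`, so truncated or corrupted input escapes as IndexError.
    """
    if len(data) < 2:
        raise ValueError("short header")
    count = int.from_bytes(data[:2], "big")
    pos, out = 2, []
    for _ in range(count):
        length = data[pos]               # BUG: no check that pos < len(data)
        pos += 1
        out.append(bytes(data[pos:pos + length]))  # BUG: silently truncates
        pos += length
    if pos != len(data):
        raise ValueError("trailing bytes")
    return out


def parse_records_fixed(data):
    """Same format, every read bounds-checked; only ValueError can escape."""
    if len(data) < 2:
        raise ValueError("short header")
    count = int.from_bytes(data[:2], "big")
    pos, out = 2, []
    for _ in range(count):
        if pos >= len(data):
            raise ValueError("truncated entry header")
        length = data[pos]
        pos += 1
        if pos + length > len(data):
            raise ValueError("entry overruns buffer")
        out.append(bytes(data[pos:pos + length]))
        pos += length
    if pos != len(data):
        raise ValueError("trailing bytes")
    return out


def mutate(rng, data):
    """Apply one to three random mutations to a seed input."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        ops = ["insert"] if not buf else ["flip", "insert", "delete", "truncate", "overwrite"]
        op = rng.choice(ops)
        if op == "flip":
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == "insert":
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif op == "delete":
            del buf[rng.randrange(len(buf))]
        elif op == "truncate":
            del buf[rng.randrange(len(buf)):]
        else:  # overwrite with a boundary value
            buf[rng.randrange(len(buf))] = rng.choice([0x00, 0x7F, 0x80, 0xFF])
    return bytes(buf)


def fuzz(target, seeds, iterations=2000, seed=1):
    """Return {(exception type, message): first crashing input} for undocumented failures."""
    rng = random.Random(seed)  # fixed seed so a run is reproducible
    crashes = {}
    for _ in range(iterations):
        sample = mutate(rng, rng.choice(seeds))
        try:
            target(sample)
        except ValueError:
            continue  # documented rejection of bad input, not a bug
        except Exception as exc:  # anything else is a finding
            crashes.setdefault((type(exc).__name__, str(exc)), sample)
    return crashes


# Constructed valid seeds: two records "A" and "BC"; one record "xyz".
SEEDS = [b"\x00\x02\x01A\x02BC", b"\x00\x01\x03xyz"]

if __name__ == "__main__":
    for key, sample in fuzz(parse_records, SEEDS).items():
        print(f"{key[0]}: {key[1]!r} on input {sample.hex()}")
    print("fixed parser crashes:", fuzz(parse_records_fixed, SEEDS))
```

In a memory-unsafe language the same missing bounds check would be an out-of-bounds read rather than an exception, which is why fuzzing belongs early (prototyping), when the parser can still be redesigned rather than patched.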

A Chief Information Security Officer (CISO) wants to standardize the company's security program so it can be objectively assessed as part of an upcoming audit requested by management. Which of the following would holistically assist in this effort?


Options are :

  • AUP
  • NIST (Correct)
  • Nessus
  • ITIL
  • Scrum

Answer : NIST

A security analyst is adding input to the incident response communication plan. A company officer has suggested that if a data breach occurs, only affected parties should be notified to keep an incident from becoming a media headline. Which of the following should the analyst recommend to the company officer?


Options are :

  • The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody.
  • An externally hosted website should be prepared in advance to ensure that when an incident occurs victims have timely access to notifications from a non-compromised resource.
  • Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgements from non-compliance. (Correct)
  • The HR department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that might be viewed during an investigation.

Answer : Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgements from non-compliance.

During the forensic phase of a security investigation, it was discovered that an attacker was able to find private keys on a poorly secured team shared drive. The attacker used those keys to intercept and decrypt sensitive traffic on a web server. Which of the following describes this type of exploit and the potential remediation?


Options are :

  • Man-in-the-middle, well-controlled storage of private keys (Correct)
  • Rootkit, controlled storage of public keys
  • Cross-site scripting, increased encryption key sizes
  • Session hijacking, network intrusion detection sensors

Answer : Man-in-the-middle, well-controlled storage of private keys

An application development company released a new version of its software to the public. A few days after the release, the company is notified by end users that the application is notably slower, and older security bugs have reappeared in the new release. The development team has decided to include the security analyst during their next development cycle to help address the reported issues. Which of the following should the security analyst focus on to remedy the existing reported problems?


Options are :

  • The security analyst should perform end user acceptance security testing during each application development cycle.
  • The security analyst should perform security regression testing during each application development cycle. (Correct)
  • The security analyst should perform application fuzzing to locate application vulnerabilities during each application development cycle.
  • The security analyst should perform secure coding practices during each application development cycle.

Answer : The security analyst should perform security regression testing during each application development cycle.

An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure functions. Which of the following technologies meet the compatibility requirement? (Select three.)


Options are :

  • 3DES
  • SSL/TLS (Correct)
  • PKCS (Correct)
  • IDEA
  • PGP
  • AES (Correct)

Answer : SSL/TLS PKCS AES
