CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 7

A staff member reported that a laptop has degraded performance. The security analyst has investigated the issue and discovered that CPU utilization, memory utilization, and outbound network traffic are consuming the laptop's resources. Which of the following is the BEST course of action to resolve the problem?


Options are :

  • Ensure the laptop OS is properly patched.
  • Identify and remove malicious processes. (Correct)
  • Disable scheduled tasks.
  • Increase laptop memory.
  • Suspend virus scan.

Answer : Identify and remove malicious processes.

Law enforcement has contacted a corporation's legal counsel because correlated data from a breach shows the organization as the common denominator from all indicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on social media. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure of information about the breach?


Options are :

  • Have law enforcement meet with employees.
  • Perform security awareness training about incident communication. (Correct)
  • Request all employees verbally commit to an NDA about the breach.
  • Temporarily disable employee access to social media

Answer : Perform security awareness training about incident communication.

An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?


Options are :

  • Reports show the scanner compliance plug-in is out-of-date.
  • Any items labeled low are considered informational only. (Correct)
  • The scan result version is different from the automated asset inventory.
  • HTTPS entries indicate the web page is encrypted securely.

Answer : Any items labeled low are considered informational only.

Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able to detect an attack even though the company's signature-based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw. Which of the following attacks has MOST likely occurred?


Options are :

  • Cookie stealing
  • XML injection
  • Zero-day (Correct)
  • Directory traversal

Answer : Zero-day

Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Select two.)


Options are :

  • ITIL (Correct)
  • COBIT
  • NIST (Correct)
  • ISO 27000 series
  • OWASP

Answer : ITIL, NIST

Considering confidentiality and integrity, which of the following make servers more secure than desktops? (Select THREE).


Options are :

  • OS (Correct)
  • VLANs
  • Processing power
  • Hard drive capacity
  • Physical access restriction (Correct)
  • Trained operators (Correct)

Answer : OS, Physical access restriction, Trained operators

A reverse engineer was analyzing malware found on a retailer's network and found code extracting track data in memory. Which of the following threats did the engineer MOST likely uncover?


Options are :

  • Key logger
  • Ransomware
  • POS malware (Correct)
  • Rootkit

Answer : POS malware

A cybersecurity analyst has received a report that multiple systems are experiencing slowness as a result of a DDoS attack. Which of the following would be the BEST action for the cybersecurity analyst to perform?


Options are :

  • Inform management of the incident. (Correct)
  • Shut down all server interfaces.
  • Inform users regarding the affected systems.
  • Continue monitoring critical systems.

Answer : Inform management of the incident.

A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors. The company decides that it wants to quickly prevent unauthorized devices from accessing the network, but policy prevents the company from making changes on every connecting client. Which of the following should the company implement?


Options are :

  • WPA2
  • Mandatory Access Control
  • Network Intrusion Prevention
  • Port security (Correct)

Answer : Port security

Which of the following principles describes how a security analyst should communicate during an incident?


Options are :

  • The communication should come from law enforcement.
  • The communication should be limited to management only.
  • The communication should be limited to trusted parties only. (Correct)
  • The communication should be limited to security staff only.

Answer : The communication should be limited to trusted parties only.

An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?


Options are :

  • Reports indicate that findings are informational.
  • HTTPS entries indicate the web page is encrypted securely.
  • The scan result version is different from the automated asset inventory.
  • Any items labeled low are considered informational only. (Correct)

Answer : Any items labeled low are considered informational only.

Given the following command entered on a Linux machine:

  file2cable -i eth0 -f file.pcap

Which of the following BEST describes what a security analyst is trying to accomplish?


Options are :

  • The analyst is attempting to use a protocol analyzer to monitor network traffic. (Correct)
  • The analyst is attempting to capture traffic for a PCAP file.
  • The analyst is attempting to capture traffic on interface eth0.
  • The analyst is attempting to replay captured data from a PCAP file.
  • The analyst is attempting to measure bandwidth utilization on interface eth0.

Answer : The analyst is attempting to use a protocol analyzer to monitor network traffic.

A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains. Which of the following actions is the BEST approach for the analyst to perform?


Options are :

  • Analyze the trends of the events while manually reviewing to see if any of the indicators match. (Correct)
  • Create an advanced query that includes all of the indicators, and review any of the matches.
  • Scan for vulnerabilities with exploits known to have been used by an APT.
  • Use the IP addresses to search through the event logs.

Answer : Analyze the trends of the events while manually reviewing to see if any of the indicators match.

A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?


Options are :

  • Begin the incident response process.
  • Start the change control process. (Correct)
  • Implement continuous monitoring.
  • Rescan to ensure the vulnerability still exists.

Answer : Start the change control process.

An analyst is preparing for a technical security compliance check on all Apache servers. Which of the following will be the BEST to use?


Options are :

  • OWASP
  • Untidy
  • Cain & Abel
  • Nagios
  • CIS benchmark (Correct)

Answer : CIS benchmark

A medical organization recently started accepting payments over the phone. The manager is concerned about the impact of the storage of different types of data. Which of the following types of data incurs the highest regulatory constraints?


Options are :

  • IP
  • PHI
  • PCI (Correct)
  • PII

Answer : PCI

Various devices are connecting and authenticating to a single evil twin within the network. Which of the following are MOST likely being targeted?


Options are :

  • Wired SCADA devices
  • Network infrastructure
  • Mobile devices (Correct)
  • All endpoints
  • VPNs

Answer : Mobile devices

A security analyst has created an image of a drive from an incident. Which of the following describes what the analyst should do NEXT?


Options are :

  • The analyst should create a hash of the image and compare it to the original drive's hash. (Correct)
  • The analyst should create a chain of custody document and notify stakeholders.
  • The analyst should begin analyzing the image and begin to report findings.
  • The analyst should create a backup of the drive and then hash the drive.

Answer : The analyst should create a hash of the image and compare it to the original drive's hash.

A security analyst begins to notice the CPU utilization from a sinkhole has begun to spike. Which of the following describes what may be occurring?


Options are :

  • Something is controlling the sinkhole and causing CPU spikes due to malicious utilization.
  • The sinkhole has begun blocking suspect or malicious traffic.
  • Someone has logged on to the sinkhole and is using the device.
  • The sinkhole has begun rerouting unauthorized traffic. (Correct)

Answer : The sinkhole has begun rerouting unauthorized traffic.

A security analyst discovers a network intrusion and quickly solves the problem by closing an unused port. Which of the following should be completed?


Options are :

  • Lessons learned report (Correct)
  • Reverse-engineering incident report
  • Vulnerability report
  • Memorandum of agreement

Answer : Lessons learned report

An organization is requesting the development of a disaster recovery plan. The organization has grown and so has its infrastructure. Documentation, policies, and procedures do not exist. Which of the following steps should be taken to assist in the development of the disaster recovery plan?


Options are :

  • Develop a data retention policy.
  • Identify assets. (Correct)
  • Conduct a risk assessment.
  • Execute vulnerability scanning.

Answer : Identify assets.

An analyst has initiated an assessment of an organization's security posture. As a part of this review, the analyst would like to determine how much information about the organization is exposed externally. Which of the following techniques would BEST help the analyst accomplish this goal? (Select two.)


Options are :

  • Intranet portal reviews
  • Sourcing social network sites (Correct)
  • Fingerprinting (Correct)
  • DNS query log reviews
  • Internet searches
  • Banner grabbing

Answer : Sourcing social network sites, Fingerprinting

A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?


Options are :

  • Man-in-the-middle (Correct)
  • Spoofing
  • Transitive access
  • Replay

Answer : Man-in-the-middle

Scan results identify critical Apache vulnerabilities on a company's web servers. A security analyst believes many of these results are false positives because the web environment mostly consists of Windows servers. Which of the following is the BEST method of verifying the scan results?


Options are :

  • Review logs of each host in the SIEM.
  • Refer to the identified servers in the asset inventory.
  • Run a service discovery scan on the identified servers. (Correct)
  • Perform a top-ports scan against the identified servers.

Answer : Run a service discovery scan on the identified servers.

A business-critical application is unable to support the requirements in the current password policy because it does not allow the use of special characters. Management does not want to accept the risk of a possible security incident due to weak password standards. Which of the following is an appropriate means to limit the risks related to the application?


Options are :

  • Encrypting authentication traffic (Correct)
  • Creating new account management procedures
  • A compensating control
  • Altering the password policy

Answer : Encrypting authentication traffic

Which of the following are essential components within the rules of engagement for a penetration test? (Select TWO).


Options are :

  • Business justification
  • Schedule (Correct)
  • Authorization (Correct)
  • Payment terms
  • List of system administrators

Answer : Schedule, Authorization

There have been several exploits to critical devices within the network. However, there is currently no process to perform vulnerability analysis. Which of the following should the security analyst implement during production hours to identify critical threats and vulnerabilities?


Options are :

  • Vulnerability scanning frequency that does not interrupt workflow (Correct)
  • Scanning of all types of data regardless of sensitivity levels
  • Asset inventory of all critical devices
  • Daily automated reports of exploited devices

Answer : Vulnerability scanning frequency that does not interrupt workflow

A production web server is experiencing performance issues. Upon investigation, new unauthorized applications have been installed and suspicious traffic was sent through an unused port. Endpoint security is not detecting any malware or virus. Which of the following types of threats would this MOST likely be classified as?


Options are :

  • Buffer overflow vulnerability
  • Zero day
  • Advanced persistent threat (Correct)
  • Botnet

Answer : Advanced persistent threat

While preparing for a third-party audit, the vice president of risk management and the vice president of information technology have stipulated that the vendor may not use offensive software during the audit. This is an example of:


Options are :

  • risk appetite
  • rules of engagement. (Correct)
  • service-level agreement.
  • organizational control.

Answer : rules of engagement.
