CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 8

Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Select two.)


Options are :

  • ISO 27000 series
  • ITIL (Correct)
  • COBIT
  • NIST (Correct)
  • OWASP

Answer : ITIL NIST

Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?


Options are :

  • Phishing
  • Tailgating (Correct)
  • Social engineering
  • Password reuse

Answer : Tailgating

An incident response report indicates a virus was introduced through a remote host that was connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?


Options are :

  • NAC (Correct)
  • ACL
  • MAC
  • TAP

Answer : NAC

A security analyst is performing ongoing scanning and continuous monitoring of the corporate datacenter. Over time, these scans are repeatedly showing susceptibility to the same vulnerabilities and an increase in new vulnerabilities on a specific group of servers that are clustered to run the same application. Which of the following vulnerability management processes should be implemented?


Options are :

  • Frequent server scanning
  • Automated report generation
  • Group policy modification
  • Regular patch application (Correct)

Answer : Regular patch application

A security analyst has just completed a vulnerability scan of servers that support a business critical application that is managed by an outside vendor. The results of the scan indicate the devices are missing critical patches. Which of the following factors can inhibit remediation of these vulnerabilities? (Choose two.)


Options are :

  • SLAs with the supporting vendor
  • Inappropriate data classifications
  • Incomplete asset inventory
  • Business process interruption (Correct)
  • Required sandbox testing (Correct)

Answer : Business process interruption Required sandbox testing

A company invested ten percent of its entire annual budget in security technologies. The Chief Information Officer (CIO) is convinced that, without this investment, the company will risk being the next victim of the same cyber attack its competitor experienced three months ago. However, despite this investment, users are sharing their usernames and passwords with their coworkers to get their jobs done. Which of the following will eliminate the risk introduced by this practice?


Options are :

  • Invest in and implement a solution to ensure non-repudiation
  • Send an email asking users not to share their credentials (Correct)
  • Force a daily password change
  • Run a report on all users sharing their credentials and alert their managers of further actions

Answer : Send an email asking users not to share their credentials

An organization is requesting the development of a disaster recovery plan. The organization has grown and so has its infrastructure. Documentation, policies, and procedures do not exist. Which of the following steps should be taken to assist in the development of the disaster recovery plan?


Options are :

  • Develop a data retention policy.
  • Conduct a risk assessment.
  • Identify assets. (Correct)
  • Execute vulnerability scanning.

Answer : Identify assets.

A security analyst is adding input to the incident response communication plan. A company officer has suggested that if a data breach occurs, only affected parties should be notified to keep an incident from becoming a media headline. Which of the following should the analyst recommend to the company officer?


Options are :

  • Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgements from non-compliance.
  • An externally hosted website should be prepared in advance to ensure that when an incident occurs victims have timely access to notifications from a non-compromised resource.
  • The HR department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that might be viewed during an investigation.
  • The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody. (Correct)

Answer : The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody.

A security analyst is concerned that employees may attempt to exfiltrate data prior to tendering their resignations. Unfortunately, the company cannot afford to purchase a data loss prevention (DLP) system. Which of the following recommendations should the security analyst make to provide defense-in-depth against data loss? (Select THREE).


Options are :

  • Prevent users from using roaming profiles when changing workstations
  • Prevent users from copying data from workstation to workstation
  • Prevent flash drives from connecting to USB ports using Group Policy (Correct)
  • Prevent users from being able to use the copy and paste functions
  • Prevent users from accessing personal email and file-sharing sites via web proxy (Correct)
  • Prevent Internet access on laptops unless connected to the network in the office or via VPN (Correct)

Answer : Prevent flash drives from connecting to USB ports using Group Policy Prevent users from accessing personal email and file-sharing sites via web proxy Prevent Internet access on laptops unless connected to the network in the office or via VPN

A company has recently launched a new billing invoice website for a few key vendors. The cybersecurity analyst is receiving calls that the website is performing slowly and the pages sometimes time out. The analyst notices the website is receiving millions of requests, causing the service to become unavailable. Which of the following can be implemented to maintain the availability of the website?


Options are :

  • Honeypot
  • DMZ
  • VPN
  • MAC filtering
  • Whitelisting (Correct)

Answer : Whitelisting

A company that is hiring a penetration tester wants to exclude social engineering from the list of authorized activities. Which of the following documents should include these details?


Options are :

  • Service level agreement
  • Acceptable use policy
  • Rules of engagement (Correct)
  • Memorandum of understanding
  • Master service agreement

Answer : Rules of engagement

A vulnerability analyst needs to identify all systems with unauthorized web servers on the 10.1.1.0/24 network. The analyst uses the following default Nmap scan:

nmap -sV -p 1-65535 10.1.1.0/24

Which of the following would be the result of running the above command?


Options are :

  • This scan checks all TCP ports and returns versions. (Correct)
  • This scan identifies unauthorized servers.
  • This scan probes all ports and returns open ones.
  • This scan checks all TCP ports.

Answer : This scan checks all TCP ports and returns versions.

A software development company in the manufacturing sector has just completed the alpha version of its flagship application. The application has been under development for the past three years. The SOC has seen intrusion attempts made by indicators associated with a particular APT. The company has a hot site location for COOP. Which of the following threats would most likely incur the BIGGEST economic impact for the company?


Options are :

  • IPS evasion
  • ICS destruction
  • DDoS (Correct)
  • IP theft

Answer : DDoS

The new Chief Technology Officer (CTO) is seeking recommendations for network monitoring services for the local intranet. The CTO would like the capability to monitor all traffic to and from the gateway, as well as the capability to block certain content. Which of the following recommendations would meet the needs of the organization?


Options are :

  • Recommend setup of IP filtering on both the internal and external interfaces of the gateway router.
  • Recommend installation of an IPS on both the internal and external interfaces of the gateway router.
  • Recommend installation of an IDS on the internal interface and a firewall on the external interface of the gateway router.
  • Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router. (Correct)

Answer : Recommend installation of a firewall on the internal interface and a NIDS on the external interface of the gateway router.

A security analyst received several service tickets reporting that a company storefront website is not accessible by internal domain users. However, external users are accessing the website without issue. Which of the following is the MOST likely reason for this behavior?


Options are :

  • The certificate is expired.
  • The DNS server is corrupted. (Correct)
  • The time synchronization server is corrupted.
  • The FQDN is incorrect.

Answer : The DNS server is corrupted.

Nmap scan results on a set of IP addresses returned one or more lines beginning with cpe:/o: followed by a company name, product name, and version. Which of the following would this string help an administrator to identify?


Options are :

  • Operating system (Correct)
  • Installed software
  • Running services
  • Installed hardware

Answer : Operating system

Several accounting department users are reporting unusual Internet traffic in the browsing history of their workstations after returning to work and logging in. The building security team informs the IT security team that the cleaning staff was caught using the systems after the accounting department users left for the day. Which of the following steps should the IT security team take to help prevent this from happening again? (Choose two.)


Options are :

  • Set up a camera to monitor the workstations for unauthorized use.
  • Configure NAC to set time-based restrictions on the accounting group to normal business hours. (Correct)
  • Configure a policy for workstation account timeout at three minutes. (Correct)
  • Install a web monitor application to track Internet usage after hours.
  • Configure mandatory access controls to allow only accounting department users to access the workstations.

Answer : Configure NAC to set time-based restrictions on the accounting group to normal business hours. Configure a policy for workstation account timeout at three minutes.

Which of the following represent the reasoning behind careful selection of the timelines and time-of-day boundaries for an authorized penetration test? (Select TWO).


Options are :

  • To avoid conflicts with real intrusions that may occur
  • To ensure tests have measurable impact to operations
  • To determine frequency of team communication and reporting
  • To mitigate unintended impacts to operations (Correct)
  • To schedule personnel resources required for test activities (Correct)

Answer : To mitigate unintended impacts to operations To schedule personnel resources required for test activities

A SIEM analyst noticed a spike in activities from the guest wireless network to several electronic health record (EHR) systems. After further analysis, the analyst discovered that a large volume of data has been uploaded to a cloud provider in the last six months. Which of the following actions should the analyst do FIRST?


Options are :

  • Activate the incident response plan
  • Notify the Chief Privacy Officer (CPO)
  • Contact the Office of Civil Rights (OCR) to report the breach
  • Put an ACL on the gateway router (Correct)

Answer : Put an ACL on the gateway router

A security analyst is reviewing logs and discovers that a company-owned computer issued to an employee is generating many alerts and warnings. The analyst continues to review the log events and discovers that a non-company-owned device from a different, unknown IP address is generating the same events. The analyst informs the manager of these findings, and the manager explains that these activities are already known and part of an ongoing event. Given this scenario, which of the following roles are the analyst, the employee, and the manager filling?


Options are :

  • The analyst is red team. The employee is white team. The manager is blue team.
  • The analyst is white team. The employee is red team. The manager is blue team.
  • The analyst is red team. The employee is blue team. The manager is white team.
  • The analyst is blue team. The employee is red team. The manager is white team. (Correct)

Answer : The analyst is blue team. The employee is red team. The manager is white team.

A security analyst is creating baseline system images to remediate vulnerabilities found in different operating systems. Each image needs to be scanned before it is deployed. The security analyst must ensure the configurations match industry standard benchmarks and the process can be repeated frequently. Which of the following vulnerability options would BEST create the process requirements?


Options are :

  • Utilizing an operating system SCAP plugin (Correct)
  • Utilizing an authorized credential scan
  • Utilizing a non-credential scan
  • Utilizing a known malware plugin

Answer : Utilizing an operating system SCAP plugin

A cybersecurity analyst was hired to resolve a security issue within a company after it was reported that many employee account passwords had been compromised. Upon investigating the incident, the cybersecurity analyst found that a brute force attack was launched against the company. Which of the following remediation actions should the cybersecurity analyst recommend to senior management to address these security issues?


Options are :

  • Prohibit password reuse using a GPO.
  • Deploy multifactor authentication. (Correct)
  • Require security awareness training.
  • Implement DLP solution.

Answer : Deploy multifactor authentication.

The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which to base the security program. The CISO would like to achieve a certification showing the security program meets all required best practices. Which of the following would be the BEST choice?


Options are :

  • ISO (Correct)
  • SDLC
  • OSSIM
  • SANS

Answer : ISO

Which of the following is a feature of virtualization that can potentially create a single point of failure?


Options are :

  • Load balancing hypervisors
  • Running multiple OS instances
  • Server consolidation (Correct)
  • Faster server provisioning

Answer : Server consolidation

An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians. Which of the following items in a forensic tool kit would likely be used FIRST? (Select TWO).


Options are :

  • Chain of custody form (Correct)
  • Drive imager
  • Hashing utilities
  • Write blockers (Correct)
  • Crime tape
  • Drive adapters

Answer : Chain of custody form Write blockers

An organization uses Common Vulnerability Scoring System (CVSS) scores to prioritize remediation of vulnerabilities. Management wants to modify the priorities based on a difficulty factor so that vulnerabilities with lower CVSS scores may get a higher priority if they are easier to implement with less risk to system functionality. Management also wants to quantify the priority. Which of the following would achieve management's objective?


Options are :

  • (CVSS Score) / Difficulty = Priority, where Difficulty is a range from 1 to 10 with 10 being easiest and lowest risk to implement (Correct)
  • ((CVSS Score) * 2) / Difficulty = Priority, where CVSS Score is weighted and Difficulty is a range from 1 to 5 with 5 being easiest and lowest risk to implement
  • (CVSS Score) * Difficulty = Priority, where Difficulty is a range from 0.1 to 1.0 with 1.0 being easiest and lowest risk to implement
  • (CVSS Score) * Difficulty = Priority, where Difficulty is a range from 1 to 5 with 1 being easiest and lowest risk to implement

Answer : (CVSS Score) / Difficulty = Priority, where Difficulty is a range from 1 to 10 with 10 being easiest and lowest risk to implement

A malicious user is reviewing the following output:

root:~#ping 192.168.1.137
64 bytes from 192.168.2.1 icmp_seq=1 ttl=63 time=1.58 ms
64 bytes from 192.168.2.1 icmp_seq=2 ttl=63 time=1.45 ms
root: ~#

Based on the above output, which of the following is the device between the malicious user and the target?


Options are :

  • Proxy (Correct)
  • Switch
  • Hub
  • Access point

Answer : Proxy

A company has several internal-only, web-based applications on the internal network. Remote employees are allowed to connect to the internal corporate network with a company-supplied VPN client. During a project to upgrade the internal application, contractors were hired to work on a database server and were given copies of the VPN client so they could work remotely. A week later, a security analyst discovered an internal web-server had been compromised by malware that originated from one of the contractors' laptops. Which of the following changes should be made to BEST counter the threat presented in this scenario?


Options are :

  • Require the contractors to bring their laptops on site when accessing the internal network instead of using the VPN from a remote location.
  • Deploy a web application firewall in the DMZ to stop Internet-based attacks on the web server.
  • Create a restricted network segment for contractors, and set up a jump box for the contractors to use to access internal resources.
  • Deploy an application layer firewall with network access control lists at the perimeter, and then create alerts for suspicious Layer 7 traffic.
  • Implement NAC to check for updated anti-malware signatures and location-based rules for PCs connecting to the internal network. (Correct)

Answer : Implement NAC to check for updated anti-malware signatures and location-based rules for PCs connecting to the internal network.

Which of the following describes why it is important to include scope within the rules of engagement of a penetration test?


Options are :

  • To ensure sensitive hosts are not scanned
  • To ensure all systems being scanned are owned by the company (Correct)
  • To ensure the network segment being tested has been properly secured
  • To ensure servers are not impacted and service is not degraded

Answer : To ensure all systems being scanned are owned by the company

A company that is hiring a penetration tester wants to exclude social engineering from the list of authorized activities. Which of the following documents should include these details?


Options are :

  • Acceptable use policy
  • Service level agreement
  • Rules of engagement (Correct)
  • Master service agreement
  • Memorandum of understanding

Answer : Rules of engagement
