CompTIA CySA+ (CS0-001) 5 Practice Certification Exams Set 5

When unable to implement a required control, administrators may choose to make up for the gap by implementing a ____________.


Options are :

  • Compensating control
  • Vulnerability
  • Remediation
  • Policy

Answer :Compensating control

Nick has run the following command on a Linux system:

# echo 127.0.0.1 example.com >> /etc/hosts

What has he done?


Options are :

  • Added the system to the allowed hosts file
  • Routed traffic for the example.com domain to the local host
  • Routed local host traffic to example.com
  • Overwritten the host file and deleted all data except this entry

Answer :Routed traffic for the example.com domain to the local host

Which of the following is not typically included in the rules of engagement for a penetration test?


Options are :

  • Timing
  • Authorization
  • Scope
  • Authorized tools

Answer :Authorized tools

Jamie has completed the scoping document for a penetration test. The document includes the details of what tools, techniques, and targets are included in the test. What’s the next step?


Options are :

  • Port scan the target.
  • Get sign-off on the document.
  • Begin passive fingerprinting.
  • Notify local law enforcement.

Answer :Get sign-off on the document.

While reviewing a vulnerability scan, Amy notices that a server’s hostname is resolving to a cloudflare.com host. What does she know about her scan?


Options are :

  • It’s being treated like a DDoS attack
  • It’s scanning a CDN-hosted copy of the site
  • It will not return useful information
  • Nothing can be determined about this site with this information

Answer :It’s scanning a CDN-hosted copy of the site

Rhonda is responsible for the design of the data center and networks at her organization. She wants to establish a secure zone and a DMZ. If she wants to ensure that user account and system traffic in the DMZ can be logged while preventing negative impacts from infected workstations, which is the best design solution?


Options are :

  • Administrative virtual machines running on administrative workstations
  • Jump hosts
  • Bastion hosts
  • SSH/RDP from administrative workstations

Answer :Jump hosts

What is the default nmap scan type when nmap is run without a scan-type flag?


Options are :

  • A TCP FIN scan
  • A TCP connect scan
  • A TCP SYN scan
  • A UDP scan

Answer :A TCP SYN scan

A cyber security analyst has noticed some unusual network traffic occurring from a certain host. This host has been communicating with a known malicious server over an encrypted web tunnel on port 443. The analyst runs a full antivirus scan of the host with an updated antivirus signature file, but the antivirus doesn’t find any sign of an infection. What has MOST likely occurred to the host?


Options are :

  • Zero-day attack
  • Known malware attack
  • Session hijack
  • Cookie stealing

Answer :Zero-day attack

What version of web encryption should be used currently in order to avoid the security vulnerabilities from earlier versions?


Options are :

  • SSLv1
  • SSLv2
  • SSLv3
  • TLS

Answer :TLS

What is NOT considered part of the Internet of Things?


Options are :

  • SCADA systems
  • ICS
  • Internet-connected television
  • A Windows 2016 server configured as a domain controller

Answer :A Windows 2016 server configured as a domain controller

TRUE or FALSE: Analysts prioritizing vulnerabilities for remediation should consider the difficulty of remediation when assigning priorities.


Options are :

  • TRUE
  • FALSE

Answer :TRUE

What vulnerability involves leveraging access from a single virtual machine to other machines on the network?


Options are :

  • VM escape
  • VM migration
  • VM reuse
  • VM vulnerability

Answer :VM escape

You are conducting a security test to ensure that information about your company’s web server is protected from disclosure. You request an HTML file from the web server and receive the following response:

What action should you take to remediate this security issue?


Options are :

  • Set “AllowLateScanning” to 1 in the URLScan.ini configuration file
  • Set “RemoveServerHeader” to 1 in the URLScan.ini configuration file
  • Set “EnableLogging” to 1 in the URLScan.ini configuration file
  • Set “PerProcessLogging” to 1 in the URLScan.ini configuration file

Answer :Set “RemoveServerHeader” to 1 in the URLScan.ini configuration file

A company wants to remediate vulnerabilities inside its web servers. An initial vulnerability scan was performed and the cyber security analysts are now reviewing the results. The cyber security analysts want to remove false positives before starting any remediation efforts in order to avoid wasting their time on issues that are not actual vulnerabilities. What is an indicator of something that is most likely a false positive?


Options are :

  • Reports show the scanner compliance plug-ins are not up-to-date
  • Any items labeled ‘low’ are considered informational only
  • The scan result versions are different from the automated asset inventory
  • ‘HTTPS’ entries indicate the web page is encrypted securely

Answer :Any items labeled ‘low’ are considered informational only

Gary is interpreting a vulnerability scan report and finds a vulnerability in a system that has a CVSS access vector rating of A. What statement is correct based upon this information?


Options are :

  • The attacker must have physical or logical access to the affected system.
  • Exploiting the vulnerability requires the existence of specialized conditions.
  • The attacker must have access to the local network that the system is connected to.
  • Exploiting the vulnerability does not require any specialized conditions.

Answer :The attacker must have access to the local network that the system is connected to.

What requires that government agencies, and other organizations operating systems on behalf of government agencies, comply with security standards?


Options are :

  • FISMA
  • SOX
  • HIPAA
  • COPPA

Answer :FISMA

TRUE or FALSE: Discovery scans provide organizations with an automated way to identify hosts on a network and build an asset inventory.


Options are :

  • TRUE
  • FALSE

Answer :TRUE

Which of the following types of data is subject to regulations in the United States that specify a minimum frequency of vulnerability scanning?


Options are :

  • Driver’s license numbers
  • Insurance records
  • Credit card data
  • Medical records

Answer :Credit card data

There are several unpatched servers that have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures installed. The management team has directed the analysts to update their vulnerability scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome of the scan remains the same. What is the BEST logical control to address the current failure?


Options are :

  • Configure a script to automatically update the scanning tool every 24 hours
  • Have the analyst manually validate that the updates are being performed as directed
  • Test the vulnerability remediation in a sandbox before deploying
  • Configure vulnerability scans to run in credentialed mode

Answer :Configure a script to automatically update the scanning tool every 24 hours

Lonnie is preparing to perform vulnerability scans against a set of workstations in his organization. He’s particularly concerned about system configuration settings. Which of the following scans will provide the best results?


Options are :

  • Unauthenticated scan
  • Credentialed scan
  • External scan
  • Internal scan

Answer :Credentialed scan

Your organization’s primary operating system vendor just released a critical patch for your servers. Your system administrators have recently deployed this patch and verified the installation was successful. The critical patch is designed to remediate a vulnerability that can allow a malicious actor to remotely execute code on the server over the Internet. However, you just ran a vulnerability assessment scan of the network and found that all of the servers are still being reported as having the vulnerability. Why is the scan report still showing a vulnerability even though the patch was installed by the system administrators?


Options are :

  • Your vulnerability assessment scan is returning false positives
  • The critical patch did not remediate the vulnerability
  • You did not wait enough time after applying the patch before running the vulnerability assessment scan
  • You scanned the wrong IP range during your vulnerability assessment

Answer :The critical patch did not remediate the vulnerability

TRUE or FALSE: PCI DSS requires the use of an outside consultant to perform internal vulnerability scans.


Options are :

  • TRUE
  • FALSE

Answer :FALSE

Which type of attacker is considered to be sophisticated, highly organized, and typically sponsored by a nation-state?


Options are :

  • Script kiddies
  • Hacktivists
  • Advanced Persistent Threat
  • Ethical hacker

Answer :Advanced Persistent Threat

TRUE or FALSE: When evaluating the functional impact of a security incident, an analyst should assign a rating of high in cases where the organization is not able to provide some critical services to any users.


Options are :

  • TRUE
  • FALSE

Answer :TRUE

Caleb is designing a playbook for zero-day threats as part of his incident response program. Which of the following items should not be in his plan?


Options are :

  • Segmentation
  • Patching
  • Using threat intelligence
  • Whitelisting

Answer :Patching

At what stage of an event is preservation of evidence typically handled?


Options are :

  • Preparation
  • Detection and analysis
  • Containment, eradication, and recovery
  • Post-incident activity

Answer :Containment, eradication, and recovery

During the preparation phase of an organization's incident response process, Aaron gathered a laptop with useful software, including a sniffer and forensics tools, along with thumb drives and external hard drives, networking equipment, and a variety of cables. What type of equipment is this typically called?


Options are :

  • A grab bag
  • A jump kit
  • A crash cart
  • A first responder kit

Answer :A jump kit

Paula is working on a report that describes the common attack models used by APT actors. Which of the following is a typical characteristic of an APT attack?


Options are :

  • They involve sophisticated DDoS attacks
  • They quietly gather information from compromised systems
  • They rely on worms to spread
  • They use encryption to hold data hostage

Answer :They quietly gather information from compromised systems

Degaussing is an example of what type of media sanitization?


Options are :

  • Clearing
  • Purging
  • Destruction
  • It isn’t a form of media sanitization

Answer :Purging

A cyber security technician has been running an intensive vulnerability scan to detect which ports might be open to exploitation. But, during the scan, one of the network services became disabled and this impacted the production server. What information source could be used to evaluate which network service was interrupted?


Options are :

  • Syslog
  • Network mapping
  • Firewall logs
  • NIDS

Answer :Syslog

What is NOT part of the security incident validation effort?


Options are :

  • Scanning
  • Sanitization
  • Patching
  • Permissions

Answer :Sanitization

Richard noticed that the forensic image he attempted to create has failed. What would be the most likely reason for the failure?


Options are :

  • Data was modified
  • The source disk is encrypted
  • The destination disk has bad sectors
  • The data cannot be copied in RAW format

Answer :The destination disk has bad sectors

TRUE or FALSE: CSIRTs should sometimes include human resource team members.


Options are :

  • TRUE
  • FALSE

Answer :TRUE

NIST describes four major phases in the incident response cycle. Which is not one of the four?


Options are :

  • Containment, eradication, and recovery
  • Notification and communication
  • Detection and analysis
  • Preparation

Answer :Notification and communication

Jenny is trying to detect unexpected output from the application she manages/monitors. What type of tool can be used to detect the output effectively?


Options are :

  • A log analysis tool
  • A behavior based analysis tool
  • A signature based detection tool
  • Manual analysis

Answer :A behavior based analysis tool

Several years ago, the Stuxnet attack relied on engineers who carried malware with them across the air gap between networks. What type of threat uses this method?


Options are :

  • Email
  • Web
  • Removable media
  • Attrition

Answer :Removable media

What is not a major category of security event indicator?


Options are :

  • Alerts
  • Logs
  • People
  • Databases

Answer :Databases

Who should coordinate incident-related communications with the media during an incident response?


Options are :

  • Cyber security analysts
  • Chief Technology Officer
  • Public Relations Officer
  • Human Resources Officer

Answer :Public Relations Officer

What provides the detailed, tactical information that CSIRT members need when responding to an incident?


Options are :

  • Procedures
  • Guidelines
  • Policies
  • Instructions

Answer :Procedures

During what phase of the incident response process does an organization assemble an incident response toolkit?


Options are :

  • Preparation
  • Detection and analysis
  • Containment, eradication, and recovery
  • Post-incident activity

Answer :Preparation

What tool is NOT useful for capturing or analyzing memory data for forensic analysis on a Windows machine?


Options are :

  • Fmem
  • Volatility Framework
  • DumpIt
  • EnCase

Answer :Fmem

Richard’s company processes credit cards and they are required to be compliant with PCI-DSS. If his company has a breach of card data, what type of disclosure will they have to provide?


Options are :

  • Notification to local law enforcement
  • Notification to their acquiring bank
  • Notification to federal law enforcement
  • Notification to Visa and Mastercard

Answer :Notification to their acquiring bank

Rhonda would like to build some scripts that detect malware beaconing behavior. Which one of the following isn’t a typical means of identifying malware behavior on a network?


Options are :

  • Persistence of the beaconing
  • Beacon protocol
  • Beaconing interval
  • Removal of known traffic

Answer :Beacon protocol

What security control provides Windows administrators with an efficient way to manage system configuration settings across a large number of devices?


Options are :

  • Patch management
  • GPO
  • HIPS
  • Anti-malware

Answer :GPO

Tyler needs to implement a security control designed to detect cases of fraud that occur regardless of the presence of other security controls. Which of the following is best suited to meet his needs?


Options are :

  • Separation of duties
  • Least privilege
  • Dual control
  • Mandatory vacations

Answer :Mandatory vacations
