CompTIA CySA+ (CS0-001) 5 Practice Certification Exams Set 7

Fred is able to use a known vulnerability and compromise an Apache web server. After he gains access, what's his next step, if he's attempting to use the system to pivot to protected systems behind the DMZ?

Options are :

  • Vulnerability scanning
  • Privilege escalation
  • Patching
  • Installing additional tools

Answer :Privilege escalation

CompTIA JK0-015 E2C Security+ Certification Practice Test Set 24

Christina needs to retrieve some information about an organization's network infrastructure without causing an IPS to alert her target of the activity. This happens during the reconnaissance stage of a penetration test. Which is the best option?

Options are :

  • Perform a DNS brute-force attack.
  • Use an nmap ping sweep.
  • Perform a DNS zone transfer.
  • Use an nmap stealth scan.

Answer :Perform a DNS brute-force attack.

Barbie would like to implement a control that prevents unauthorized users from connecting to her company's wireless network. What security control best meets this requirement?

Options are :

  • NAC
  • Firewall
  • IPS
  • Segmentation

Answer :NAC

You received an incident response report that indicates a piece of malware was introduced into the company's network through a remote workstation that was connected to the company's servers over a VPN connection. You have been asked for a recommendation to solve this issue: what control should be applied to prevent this type of incident from occurring in the future?

Options are :

  • ACL
  • NAC
  • TAP
  • MAC filtering

Answer :NAC

JK0-016 CompTIA Network+ 2009 Edition Practice Exam Set 4

Which language would require the use of a decompiler during reverse engineering?

Options are :

  • Ruby
  • Python
  • Objective-C
  • JavaScript

Answer :Objective-C

A(n) ____________ provides organizations with an attacker's perspective on their security.

Options are :

  • Vulnerability Scan
  • Asset Management
  • Penetration Test
  • Patch Management

Answer :Penetration Test

Sam's security team uses a netflow collector that is capable of handling 1g of traffic per second (1g/s). As the company has grown, the external network collection has increased to 2g/s. This has begun to approach full utilization at various times of the day. If his team doesn't have money to purchase a more capable collector, what option can he use to still collect useful data?

Options are :

  • Enable QoS
  • Enable netflow compression
  • Enable sampling
  • None of these options

Answer :Enable sampling

CompTIA 220-801 A+ Advanced Certification Practice Exam Set 7

Aaron is attempting to conduct a passive footprinting exercise against a specific target company. Which of the techniques listed below is not suited for a passive footprinting process?

Options are :

  • WHOIS lookups
  • Banner grabbing
  • BGP looking glass usage
  • Registrar checks

Answer :Banner grabbing

Your company is hiring a penetration tester to conduct an assessment, but wants to exclude social engineering from the list of authorized activities. What document given to the penetration tester should include this requirement?

Options are :

  • Acceptable Use Policy
  • Service Level Agreement
  • Rules of Engagement
  • Memorandum of Understanding

Answer :Rules of Engagement

In what type of attack does the attacker begins with a normal user account and then seeks to gain additional access rights?

Options are :

  • Privilege escalation
  • Spear phishing
  • Cross-site Scripting
  • Remote code exploitation

Answer :Privilege escalation

CompTIA Network+ N10 006 Set 6

Kyle is replacing a vulnerability scanner with a new product. As he begins to build out the policy, he notices some conflicts in the scanning settings between different documents. Which of the following sources would give him the highest priority with trying to resolve these conflicts?

Options are :

  • NIST guidance documents
  • Vendor best practices
  • Corporate policy
  • Configuration settings from the prior system

Answer :Corporate policy

Mary Beth is preparing her organization for the required quarterly PCI DSS external vulnerability scan. Who can perform this scan?

Options are :

  • Anyone
  • Any qualified individual
  • Only employees of the company
  • Only an approved scanning vendor

Answer :Only an approved scanning vendor

Ryan wants to purge a drive to ensure that the data cannot be extracted from it when it is no longer on-site. Which of the following is not an option for purging hard drives on Windows systems?

Options are :

  • Use the built-in Windows sdelete command line.
  • Use Eraser
  • Use DBAN
  • Encrypt the drive and then delete the key

Answer :Use the built-in Windows sdelete command line.

CompTIA CySA+ Set 3

Juanita wanted to track the changes made to the registry as well as the file system while running a suspect executable on a Windows system. Which Sysinternal tool will allow this to occur?

Options are :

  • App Monitor
  • Resource Tracker
  • Process Monitor
  • There is not a Sysinternals tool with this capability

Answer :Process Monitor

As Jason is studying the computer forensics playbook for his company, he notices that forensic investigators are required to use a chain of custody form. What information would be recorded on this form if he were conducting an investigation?

Options are :

  • The list of individuals who made contact with files leading to the investigation
  • The list of former owners/operators of the PC involved in the investigation
  • All individuals who work with evidence during the investigation
  • The police officers who take possession of the evidence

Answer :All individuals who work with evidence during the investigation

Crystal needs to perform forensics on a virtual machine. What process should be used to ensure all of the forensic data is acquired?

Options are :

  • Suspend the machine and copy the contents of the directory it resides in
  • Perform a live image of the machine
  • Suspend the machine and make a forensic copy of the drive it resides on
  • Turn the virtual machine off and make a forensic copy of it

Answer :Suspend the machine and copy the contents of the directory it resides in

LX0-104 CompTIA Linux + Powered by LPI Practice Exam Set 3

Of the items below, which of the following parties communicates with the end user during a SAML transaction?

Options are :

  • Relying party
  • SAML identity provider
  • Both the relying party and the SAML identity provider
  • Neither the relying party nor the SAML identity provider

Answer :Both the relying party and the SAML identity provider

In SAML authentication, which role of the authentication flow validates the user's identity?

Options are :

  • The SP
  • The IDP
  • The principal
  • The RP

Answer :The IDP

What describes the infrastructure needed to support the other architectural domains in the TOGAF framework?

Options are :

  • Business architecture
  • Applications architecture
  • Data architecture
  • Technical architecture

Answer :Technical architecture

CompTIA JK0-015 E2C Security+ Certification Practice Test Set 2

A security consultant is working with a company that runs critical web applications. The consultant has noticed that an application has a serious SQL injection vulnerability, but the system cannot be taken offline during the time period which the consultant is available to remediate the situation. Which of the following is the best compensating control?

Options are :

  • IPS
  • WAF
  • Vulnerability scanning
  • Encryption

Answer :WAF

What technology is not PKI x.509 compliant and CANNOT be used in a variety of secure functions?

Options are :

  • AES
  • IDEA
  • PKCS

Answer :IDEA

A new security appliance was installed on a network as part of a managed service deployment. The vendor who controls the appliance and the IT team is not able to log in or configure it. The IT team is concerned about the appliance receiving necessary updates. Which of the following would perform as the best control to alleviate the concern for the appliance and updates?

Options are :

  • Configuration management
  • Vulnerability scanning
  • Intrusion prevention
  • Automatic updates

Answer :Vulnerability scanning

FC0-U41 CompTIA Strata IT Fundamentals Practice Exam Set 7

Brett is considering the deployment of OpenSSL in his organization. He would like to select a cipher suite. Which of the following ciphers should not be used with OpenSSL?

Options are :

  • DES
  • AES
  • RSA
  • ECC

Answer :DES

Betsy has been asked to perform an architectural review and uses a view that focuses on the technologies, settings, and configurations used in the architecture. What view is she using?

Options are :

  • Operational view
  • Acquisition view
  • Technical view
  • Logical view

Answer :Technical view

Natalie's organization is adopting the ITIL service management strategy. Which of the following is an ITIL core activity that includes security management as a process?

Options are :

  • Service strategy
  • Service design
  • Service transition
  • Service operation

Answer :Service design

CompTIA CA1-001 Advanced Security Practitioner Practice Exam Set 2

Bucky, a web developer, wants to protect a new web app from MITM (man-in-the-middle) attacks where attackers steal tokens stored in cookies. Which of the following controls would best prevent this attack?

Options are :

  • Forcing the use of TLS for the web application
  • Forcing the use of SSL for the web application
  • Setting the secure attribute on the cookie
  • Hashing the cookie value

Answer :Setting the secure attribute on the cookie

Chesney is working to evaluate some forensic tools and would like to have the option of an open source forensic suite. Which one of the following best meets this need?

Options are :

  • FTK
  • EnCase
  • SIFT
  • Helix

Answer :SIFT

Brittney is working to create a password policy for her organization and would like to include a setting that will limit the length of exposure an account would have with a compromised password. Which of the following would best meet this requirement?

Options are :

  • Minimum password length
  • Password history
  • Password expiration
  • Password complexity

Answer :Password expiration

CompTIA Security+ Certification (SY0-501): Sample Tests

Russell is designing an infrastructure to be used for authentication and wants to run an authentication protocol over an insecure network without having to use additional encryption services. Which of the following is most appropriate for this situation?

Options are :

  • Kerberos

Answer :Kerberos

Steven is hoping to deploy a new application that he received from a vendor. He's unsure if the hardware is adequate to support the number of users during peak periods. What type of testing can be done to help evaluate this issue?

Options are :

  • User acceptance testing
  • Load testing
  • Regression testing
  • Fuzz testing

Answer :Load testing

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions