Mock : CompTIA CySA+ (CS0-001)

Rhett notices that code inside a malware sample appears to be obfuscated. Which of the following methods is typically used to prevent code from being easily read by simply opening the file?

Options are :

  • QR coding
  • Base64
  • Base128
  • XINT

Answer : Base64

Explanation The best option is Base64. Malware usually uses Base64 encoding, and there are multiple formats, but online decoders can perform a rapid check to see whether the code carries any further encoding beyond Base64. Other tools may support multiple methods, but they take longer to figure it out.

A salesperson began having issues with their laptop becoming unresponsive after attempting to open a PDF in their email. They called the cyber security analyst, who checked the IDS and antivirus software for any unusual behavior or alerts, but the analyst found nothing suspicious. What term BEST describes this threat?

Options are :

  • Packet of death
  • Zero-day malware
  • PII exfiltration
  • Known virus

Answer : Zero-day malware

Explanation This threat is a zero-day malware. Since it is a new piece of malware, a signature has not been created for the antivirus or IDS definitions file. This type of malware cannot be combatted with traditional signature-based methods, such as anti-virus or an IDS.


Lonnie’s penetration testing assignment is to evaluate the WPA2 Enterprise protected wireless networks in the company. What major differences exist between reconnaissance of a wired network and a wireless network?

Options are :

  • Encryption and physical accessibility
  • Network access control and encryption
  • Port security and physical accessibility
  • Authentication and encryption

Answer : Encryption and physical accessibility

Explanation The best choice is encryption and physical accessibility. Most wired networks do not use end-to-end encryption, and wireless networks are usually more physically accessible. However, without more information, it cannot be determined whether authentication is required on both networks. Port security is only used on wired connections.

Michelle is preparing to run an nmap scan of a targeted network. She wants to perform a quick scan but knows that a SYN scan isn’t possible because she doesn’t have raw socket privileges on the system she is going to conduct her scan from. What flag should she use to set her scan type?

Options are :

  • -sS
  • -O
  • -sT
  • -s

Answer : -sT

Explanation Nmap’s TCP scan function is enabled using the -sT flag and is a quick way to scan when you are unable to get raw socket access to the scanner system. Fast scans are more frequently conducted using the -sS (SYN) scan, but it requires raw socket access.

What type of scan is useful for probing firewall rules?

Options are :


Answer : TCP ACK

Explanation TCP ACK scans can help to determine what services are allowed through a firewall.


David is working on a checklist that will be used by different security teams inside of his organization. What SCAP component can he use to help write the checklist and report results in a standardized fashion?

Options are :

  • CCE
  • CPE
  • CVE

Answer : XCCDF

Explanation XCCDF (Extensible Configuration Checklist Description Format) is a language used to write checklists and report their results. CCE (Common Configuration Enumeration), CPE (Common Platform Enumeration), and CVE (Common Vulnerabilities and Exposures) all provide standards for naming security-related items rather than for checklists. Your best option is XCCDF.

Josh performed a system scan recently and noticed that it was running services on ports 139 and 445. What operating system is this system likely running?

Options are :

  • Ubuntu
  • macOS
  • CentOS
  • Windows

Answer : Windows

Explanation Ports 139 and 445 are associated with Windows file and printer sharing.

Latonya is making plans to patch a production system in an effort to correct a vulnerability that was detected during a recent scan. What process should she follow to minimize the risk of system failure while correcting the vulnerability?

Options are :

  • Deploy the patch immediately on the production system
  • Wait 60 days to deploy the patch - to determine whether or not bugs are reported
  • Deploy the patch in a sandbox environment to test it prior to production
  • Contact the vendor to determine a safe time frame for deploying the patch in production

Answer : Deploy the patch in a sandbox environment to test it prior to production

Explanation Of all the options listed, a sandbox environment is the best place to deploy a patch, because testing can be very thorough prior to release. This also reduces some of the risk you place on your network when deploying a patch to a live environment. Asking the vendor to wait 60 days seems a little unreasonable.


SQL injection exploits usually receive access to a database by exploiting a vulnerability in ___________.

Options are :

  • Operating system
  • Web application
  • Database server
  • Firewall

Answer : Web application

Explanation SQL injections target the data stored in enterprise databases by exploiting flaws in client-facing applications, which are typically web applications.

The presence of _________________ triggers specific vulnerability scanning requirements based upon law or regulation.

Options are :

  • Credit card information
  • Protected health information
  • Personally identifiable information
  • Trade secret information

Answer : Credit card information

Explanation All of these situations would benefit from laws to help with regulation; however, the only one that currently has a policy or law to follow involves credit card information. The Payment Card Industry Data Security Standard (PCI DSS) has detailed requirements for vulnerability scanning.

Jesus is creating a remediation procedure for vulnerabilities discovered in his organization. He would like to make sure that any vendor patches are tested prior to deploying them in production. What type of environment should be included to best address this issue?

Options are :

  • Sandbox
  • Honeypot
  • Honeynet
  • Production

Answer : Sandbox

Explanation Deploying changes in a sandbox environment gives a safe, isolated place for testing changes without interfering with production systems. Honeypots/Honeynets are not testing environments but they’re intended more to attract attackers. Vendor patches don’t need to be tested in production because it could negatively impact business operations.


James is working on developing a vulnerability scanner program for a large network of sensors that his organization uses to monitor a transcontinental gas pipeline. What term is typically used to describe this type of network?

Options are :

  • WLAN
  • VPN
  • P2P

Answer : SCADA

Explanation A SCADA (supervisory control and data acquisition) network is a type of network that works off of an ICS (industrial control system) and is used to maintain sensors and control systems over large geographic areas.

Timothy’s company is starting a BYOD (bring your own device) policy for all mobile devices. Which of the following allows you to secure the sensitive information on personally owned devices, including those of administrators, and provides the ability to remotely wipe corporate information without affecting personal data?

Options are :

  • Remote wipe
  • Strong passwords
  • Biometric authentication
  • Containerization

Answer : Containerization

Explanation All of your options listed here could help secure mobile devices, but containerization is the only option that will allow you to isolate work from personal. This technology basically creates a vault that’s secured where your corporate information will reside.

Patrick is the manager of his organization's vulnerability scanning program. He’s experiencing some issues with scans aborting because the previous day’s scans are still running when the scanner attempts to start the current day’s scans. Which of the following solutions is least likely to resolve the issue?

Options are :

  • Add a new scanner
  • Reduce the scope of scans
  • Reduce the sensitivity of scans
  • Reduce the frequency of scans

Answer : Reduce the sensitivity of scans

Explanation The best way to help Patrick is to lessen the number of systems in the scan or to add additional scanners to help balance the load. Changing the sensitivity level may not give accurate results.


Cherish is attempting to determine what systems should be subject to vulnerability scanning and what systems are exempt. She’d like to base this decision on the criticality of each system to business operations. Where would she find this information?

Options are :

  • The CEO
  • System names
  • IP addresses
  • Asset inventory

Answer : Asset inventory

Explanation The best resource to use is the asset inventory. If this resource has been designed, implemented, and maintained properly, it should contain most of this information. The CEO knows some of it but typically doesn’t have time to review it. System names and IP addresses could contain some of the information, but they aren’t as good a resource as an inventory.

TRUE or FALSE: Organizations may decide not to remediate vulnerabilities because of conflicting business requirements.

Options are :

  • TRUE

Answer : TRUE

Explanation Organizations may make risk-based decisions not to remediate vulnerabilities. In those cases, they should create a documented exception.

Which of the following vulnerabilities would you consider the greatest threat to information confidentiality?

Options are :

  • HTTP TRACE/TRACK methods enabled
  • SSL Server with SSLv3 enabled vulnerability
  • phpinfo information disclosure vulnerability
  • Web application SQL injection vulnerability

Answer : Web application SQL injection vulnerability

Explanation Each vulnerability mentioned poses a significant risk. The greatest threat comes from the SQL injection because it allows an attacker to retrieve the information from the backend database; with this access, the attacker could even alter the information and put it back without anyone noticing what had been changed. The HTTP TRACE/TRACK methods would not directly disclose information, and SSLv3 is no longer considered secure.


Barrett noticed a critical vulnerability in a database at his organization. He received permission to implement an emergency change after the close of the business day. There are currently eight hours before the change window. What else needs to be done to prepare for the change?

Options are :

  • Ensure all stakeholders are informed of planned outage
  • Document the change in the change management system
  • Identify any potential risks associated with the change
  • All supplied choices

Answer : All supplied choices

Explanation Ample time is provided for Barrett to send out some communication and change management before making the change. Even though this is considered to be an urgent issue, communication is very important. A risk assessment should be conducted and the change management process should be started. These can be short forms of each, but they still need to be completed.

What SCAP component provides a language for specifying checklists?

Options are :

  • CPE
  • CCE
  • OVAL

Answer : XCCDF

Explanation The Extensible Configuration Checklist Description Format (XCCDF) provides a language for specifying checklists and reporting checklist results.

Matt is prioritizing vulnerability scans and has interest in basing the frequency of scanning on the information asset value. Which of the following items would be the most appropriate for him to use in this analysis?

Options are :

  • Cost of hardware acquisition
  • Cost of hardware replacement
  • Types of information processed
  • Depreciated hardware cost

Answer : Types of information processed

Explanation Information asset value is a number that an organization places on the data stored, processed, and transmitted by an asset. Many different types of data (regulated data, intellectual property, personally identifiable information, etc.) help to determine the value of the asset. The cost of hardware acquisition, the cost of hardware replacement, and the depreciated hardware cost refer to the financial value of the hardware, which is different from information value.


Tanner noticed that a server is running a critical web application vulnerability. He would like to view the logs as the server belongs to his organization. The server is running Apache on CentOS with a default configuration. What is the name of the file where Tanner would expect to find the logs?

Options are :

  • httpd_log
  • apache_log
  • access_log
  • http_log

Answer : access_log

Explanation On Apache web servers, the logs are stored in a file named access_log. By default, the file may be found at /var/log/httpd/access_log.

Nicole is investigating a security incident at a government agency and discovers that attackers obtained PII. What is the information impact of this incident?

Options are :

  • None
  • Privacy breach
  • Proprietary breach
  • Integrity breach

Answer : Privacy breach

Explanation In a privacy breach, sensitive personally identifiable information (PII) was accessed or exfiltrated.


What items represent a document that includes detailed information on when an incident was detected, how impactful the incident was, how it was remediated, the effectiveness of the incident response, and any identified gaps that require improvement?

Options are :

  • Forensic analysis report
  • Chain of custody report
  • Trends analysis report
  • Lessons learned report

Answer : Lessons learned report

Explanation The lessons learned report provides you with the details of the incident, its severity, the remediation method, and most importantly, how effective your response was. Additionally, it provides recommendations for improvements in the future. A forensic analysis report would not provide recommendations for future improvements, even though it provides many of the other details.

Choose the set of Linux permissions ordered from least permissive to most permissive.

Options are :

  • 777, 444, 111
  • 544, 444, 545
  • 711, 717, 117
  • 111, 734, 747

Answer : 111, 734, 747

Explanation Linux permissions are read "owner, group, other". They also have numbers, which are 4 (read), 2 (write), and 1 (execute). Therefore, the best option here begins with 777 because that gives the broadest set of permissions, while 000 gives the least set of permissions.

You have been tasked to conduct a review of the firewall logs. During your review, you notice that an IP address from within your company’s server subnet had been transmitting between 125 to 375 megabytes of data to a foreign IP address during nighttime hours. Looking over the logs, you have determined this has been occurring for approximately 5 days and the affected server has since been taken offline for forensic review. What is MOST likely to increase the impact assessment of the incident?

Options are :

  • PII of company employees and customers was exfiltrated
  • Raw financial information about the company was accessed
  • Forensic review of the server required fallback on a less efficient service
  • IP addresses and other network-related configurations were exfiltrated

Answer : PII of company employees and customers was exfiltrated

Explanation If the PII (Personally Identifiable Information) of the company’s employees or customers was exfiltrated or stolen during the compromise, this would increase the impact assessment of the incident. Loss of PII is a large issue for corporations and one that might garner media attention as well.


Laura needs a forensic copy of a drive encrypted with BitLocker. Which of the following methods is not one that should be used?

Options are :

  • Analyzing the hibernation file
  • Analyzing the memory dump file
  • Retrieving the key from the MBR
  • Performing a FireWire attack on mounted drives

Answer : Retrieving the key from the MBR

Explanation The best option is to retrieve the key from the MBR (master boot record). BitLocker keys can be retrieved via hibernation files or memory dumps. BitLocker information isn’t stored in an MBR.

After analyzing and correlating activity from the firewall logs, server logs, and the intrusion detection system logs, a cyber security analyst has determined that a sophisticated breach of the company’s network security may have occurred from a group of specialized attackers in a foreign country over the past five months. Up until now, these cyber attacks against the company network had gone unnoticed by the company’s information security team. What would this be an example of?

Options are :

  • advanced persistent threat (APT)
  • spear phishing
  • malicious insider threat
  • privilege escalation

Answer : advanced persistent threat (APT)

Explanation An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization. APTs often work either in or for a foreign country.

TRUE or FALSE: Organizations should always involve law enforcement if they suspect a crime was committed.

Options are :

  • TRUE

Answer : FALSE

Explanation The organization should consult with management and legal counsel to decide whether to involve law enforcement.


Mark wants to validate the application file that he downloaded from the vendor of the application. What information should be requested from the vendor?

Options are :

  • File size and file creation date
  • MD5 hash
  • Private key and cryptographic hash
  • Public key and cryptographic hash

Answer : MD5 hash

Explanation The best answer is MD5 hash. The vendor needs to supply a verifiable MD5 hash in order to validate the file. With this, he can verify that the downloaded file matches the hash of the file from the vendor. This is an important step when security is critical in an organization.

You are a cyber security analyst and your company has just enabled key-based authentication on its SSH server. You have been asked to review the following log file and determine what action should be performed to secure the server. 

Sep 09 13:15:24 cramtopass sshd[3423]: Failed password for root from port 45273 ssh2
Sep 09 15:43:15 cramtopass sshd[3542]: Failed password for root from port 43543 ssh2
Sep 09 15:43:24 cramtopass sshd[3544]: Failed password for nobody from port 43589 ssh2
Sep 09 15:43:31 cramtopass sshd[3546]: Failed password for invalid user from port 43619 ssh2
Sep 09 15:43:31 cramtopass sshd[3546]: Failed password for jdion from port 43631 ssh2
Sep 09 15:43:37 cramtopass sshd[3548]: Failed password for root from port 43657 ssh2

Options are :

  • Disable anonymous SSH logon
  • Disable password authentication for SSH
  • Disable SSHv1
  • Disable remote root SSH logons

Answer : Disable password authentication for SSH

Explanation The SSH daemon is continually receiving login failures for all accounts. It would be prudent to disable password authentication for SSH remote logins while simultaneously implementing something like PKI authentication instead.

Stacy is in charge of Windows workstations in her domain and wants to protect them from buffer overflow attacks. What should be recommended to the domain administrators at her company?

Options are :

  • Install an anti-malware tool
  • Install an antivirus tool
  • Enable DEP in Windows
  • Set VirtualAllocProtection to 1 in the registry

Answer : Enable DEP in Windows

Explanation Windows comes with DEP, which is a built-in memory protection feature. It prevents code from being run in pages that are marked as non-executable. DEP, by default, only protects Windows programs and services classified as "essential", but it can be used for all programs and services, or for all programs and services except those on an exception list.


What sanitization technique uses only logical techniques to remove data?

Options are :

  • Purge
  • Degauss
  • Destroy
  • Clear

Answer : Clear

Explanation Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple noninvasive data recovery techniques. Degaussing, destruction, and purging all may involve physical techniques.

Sarah is attempting to determine whether the user of a company-owned laptop accessed a malicious wireless access point. Where can she find a list of the wireless networks the system already knows about?

Options are :

  • The registry
  • The user profile directory
  • The wireless adapter cache
  • Wireless network lists are not stored after use.

Answer : The registry

Explanation The best choice is the registry. The Windows registry keeps a list of wireless networks the system has previously connected to. The registry keys can be found under HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles. This is stored in HKEY_LOCAL_MACHINE because it keeps all copies, not just those for specific users.

Steven is performing a forensic analysis of an iPhone backup and has discovered that only some of the information is there, not all of it. What is the most likely scenario that would result in the backup having only partial information?

Options are :

  • The backup was interrupted
  • The backup is encrypted
  • The backup is a differential backup
  • The backup is stored in iCloud.

Answer : The backup is a differential backup

Explanation iPhone backups can be full backups or differential backups. In the given scenario, chances are great that he’s found a differential backup, which contains only the information that has changed since the last full backup. If the backup was encrypted, he would need additional tools or resources to access it, and if it was interrupted, the file wouldn’t be in a usable state. iCloud backups require access to someone’s computer account and aren’t as likely to be used in an investigation.


What regulation protects the privacy of student educational records?

Options are :

  • SO
  • GLBA

Answer : FERPA

Explanation The Family Educational Rights and Privacy Act (FERPA) requires that educational institutions implement security and privacy controls for student educational records.

Of the systems mentioned below, which is not considered a component of an identity management infrastructure?

Options are :

  • HR system
  • LDAP
  • Provisioning engine
  • Auditing system

Answer : HR system

Explanation LDAP servers, provisioning engines, and auditing systems are all part of identity management infrastructures. The HR system is a data source for identity management, but not part of the infrastructure itself. Your best option is HR system.

Matt has been offered and accepted a position as a cybersecurity analyst for a bank which is privately owned. Which of the following regulations will have the greatest impact on his cybersecurity program?

Options are :

  • GLBA
  • SO

Answer : GLBA

Explanation The GLBA (Gramm Leach Bliley Act) is the only one listed that covers cybersecurity at financial institutions. HIPAA is for medical facilities/patients, FERPA is for educational situations, and SOX is for publicly traded companies.


Isaac is deploying a SIEM (security information and event management) system at his company. He doesn’t currently have the funding to purchase a commercial product, so which item, from the list below, would be a SIEM with an open source licensing model?

Options are :

  • AlienVault
  • QRadar
  • ArcSight

Answer : OSSIM

Explanation OSSIM is the best option listed. OSSIM is open source made by AlienVault and is capable of pulling information together from a wide variety of sources. The other options listed are all examples of commercial SIEM solutions.

Which policy contains (or should contain) requirements for removing user access when the user is terminated?

Options are :

  • Data ownership policy
  • Data classification policy
  • Data retention policy
  • Account management policy

Answer : Account management policy

Explanation An account management policy is the best option for this question. It describes the account life cycle from creation through use and decommissioning. Data ownership policies state the ownership of information created or used, data classification policies describe the classification structure, and retention policies outline what information will be maintained and for how long.

A cyber security professional visited an e-commerce website by typing in its URL and found that the administrative web frontend for its backend e-commerce application is accessible over the Internet and is only being protected by the default password. What three things should the analyst recommend to the website owner in order to MOST securely remediate this discovered vulnerability?

Options are :

  • Rename the URL to a more obscure name, whitelist all corporate IP blocks, and require two-factor authentication
  • Change the username and default password, whitelist specific source IP addresses, and require two-factor authentication for access
  • Change the default password, whitelist all specific IP blocks, and require two-factor authentication
  • Red Team all corporate IP blocks, require an alphanumeric passphrase for the default password, and require two-factor authentication

Answer : Change the username and default password, whitelist specific source IP addresses, and require two-factor authentication for access

Explanation Since the application was only protected by the default password, the username and password should be changed immediately to increase the security of the application. Since this is an administrative frontend, only a few machines should require access and they should specifically have their IP addresses added to the whitelist and deny all other machines from accessing the administrative frontend. Finally, since this is an administrative frontend, it is a best practice to utilize two-factor authentication in order to most effectively secure the application from attack.


You have been asked to recommend a few technologies that are PKI X.509 compliant for use in some secure functions in the organization. What technology would NOT meet the compatibility requirement?

Options are :

  • AES
  • PKCS
  • 3DES

Answer : 3DES

Explanation 3DES is an older encryption method and is no longer considered secure. Public Key Infrastructure (PKI) relies on X.509 and its associated secure technologies, such as AES, PKCS, and SSL/TLS, in order to perform secure functions.

In which tier of the NIST cybersecurity framework does an organization understand its dependencies and partners?

Options are :

  • Partial
  • Risk informed
  • Repeatable
  • Adaptive

Answer : Repeatable

Explanation In the repeatable tier (Tier 3) of the NIST CSF, the organization understands its dependencies and partners and receives information from these partners that enables collaboration and risk-based management decisions within the organization in response to events.

Ashley is looking for a physical security control for her organization that will help protect against attacks where an individual could drive a vehicle through the glass doors in the front of the building. Which of the following would be the most effective way to protect against such an attack?

Options are :

  • Mantraps
  • Security guards
  • Bollards
  • Intrusion alarm

Answer : Bollards

Explanation The best option is Bollards. These are physical barriers that are designed to prevent vehicles from crossing into an area. Mantraps prevent tailgating individuals, while security guards and intrusion alarms detect people but do not stop moving vehicles.


There are four tiers of implementations for the NIST Cybersecurity Framework. What are they, ordered from least mature to most mature?

Options are :

  • Partial, Risk Informed, Repeatable, Adaptive
  • Partial, Repeatable, Risk Informed, Adaptive
  • Partial, Risk Informed, Managed, Adaptive
  • Partial, Managed, Risk Informed, Adaptive

Answer : Partial, Risk Informed, Repeatable, Adaptive

Explanation The NIST CSF implementation tiers, starting from Tier 1 and increasing in maturity, are: Partial, Risk Informed, Repeatable, and Adaptive.

Liberty Beverages allows its visiting business partners from SodaCorp to use an available Ethernet port in the Liberty Beverage conference rooms when they are in the building. This access is provided so that employees of SodaCorp can establish a VPN connection back to the SodaCorp network. You have been tasked to ensure that SodaCorp employees can gain direct Internet access only from the Ethernet port in the conference room. But if a Liberty Beverage employee uses the same Ethernet port, they should be able to access Liberty’s internal network as well. What should you use to ensure this capability?

Options are :

  • ACL
  • SIEM
  • MAC
  • NAC

Answer : NAC

Explanation NAC should be used, so that the laptop being connected can be scanned to determine if it meets the normal baseline for a Liberty Beverage laptop. If it does, it can be given access to the company’s internal network. If not, it can be placed in a different subnet and given access only to the Internet.

Tony’s manager requires him to receive and inventory the items that his co-worker Barbara orders. This is an example of what kind of personnel control?

Options are :

  • Separation of duties
  • Background checks
  • Dual control
  • Mandatory vacation

Answer : Separation of duties

Explanation Tony's manager is using separation of duties to ensure that neither Barbara nor Tony can exploit the organization’s ordering processes. Dual control, the most likely other answer, requires two employees to perform an action together.


OWASP (Open Web Application Security Project) maintains an application called Orizon. This application reviews Java classes and points out potential security flaws. What type of tool is Orizon?

Options are :

  • Fuzzer
  • Static code analyzer
  • Web application assessor
  • Fault injector

Answer : Static code analyzer

Explanation Orizon performs reviews of Java classes, as stated above. With this, it also includes source code reviews. The other items listed are examples of dynamic code analysis where testing actually has to execute the code.
