CompTIA CySA+ Set 1

Chris knows that systems have connected to a remote host on TCP ports 1433 and 1434. If he has no other data, what should his best guess be about what the host is?


Options are :

  • A print server
  • A Microsoft SQL server
  • A MySQL server
  • A secure web server running on an alternate port

Answer :A Microsoft SQL server

What services will the following nmap scan test for?

nmap -sV -p 22,25,53,389 192.168.2.50/27


Options are :

  • telnet, SMTP, DHCP, MS-SQL
  • ssh, SMTP, DNS, LDAP
  • telnet, SNMP, DNS, LDAP
  • ssh, SNMP, DNS, RDP

Answer :ssh, SMTP, DNS, LDAP

While investigating a compromise, Glenn encounters evidence that a user account has been added to the system he is reviewing. He runs a diff of /etc/shadow and /etc/passwd and sees the following output. What has occurred?

>root:$6$XHxtN5iB$5WOyg3gGfzr9QHPLo.7z0XIQIzEW6Q3/K7iipxG7ue04CmelkjC51SndpOcQlxTHmW4/AKKsKew4f3cb/.BK8/:16828:0:99999:7:::

> daemon:*:16820:0:99999:7:::

> bin:*:16820:0:99999:7:::

> sys:*:16820:0:99999:7:::

> sync:*:16820:0:99999:7:::

> games:*:16820:0:99999:7:::

> man:*:16820:0:99999:7:::

> lp:*:16820:0:99999:7:::

> mail:*:16820:0:99999:7:::

> news:*:16820:0:99999:7:::

> uucp:*:16820:0:99999:7:::

> proxy:*:16820:0:99999:7:::

> www-data:*:16820:0:99999:7:::

> backup:*:16820:0:99999:7:::

> list:*:16820:0:99999:7:::

> irc:*:16820:0:99999:7:::


Options are :

  • The root account has been compromised.
  • An account named daemon has been added.
  • The shadow password file has been modified.
  • /etc/shadow and /etc/passwd cannot be diffed to create a useful comparison.

Answer :/etc/shadow and /etc/passwd cannot be diffed to create a useful comparison.

While conducting a topology scan of a remote web server, Susan notes that the IP addresses returned for the same DNS entry change over time. What has she likely encountered?


Options are :

  • A route change
  • Fast flux DNS
  • A load balancer
  • An IP mismatch

Answer :A load balancer

Attackers have been attempting to log into Alaina's Cisco routers, causing thousands of log entries, and she is worried they may eventually succeed. Which of the following options should she recommend to resolve this issue?


Options are :

  • Prevent console login via ssh.
  • Implement a login-block feature with back-off settings.
  • Move the administrative interface to a protected network.
  • Disable console access entirely.

Answer :Move the administrative interface to a protected network.

Ron is reviewing his team's work as part of a reconnaissance effort and is checking Wireshark packet captures. His team reported no open ports on 10.0.2.15. What issue should he identify with their scan based on the capture shown here?


Options are :

  • The host was not up.
  • Not all ports were scanned.
  • The scan scanned only UDP ports.
  • The scan was not run as root.

Answer :The scan scanned only UDP ports.

John needs to protect his organization's authentication system against brute-force attacks. Which of the following control pairs are best suited to preventing a brute-force attack from succeeding if ease of use and maintenance is also important?


Options are :

  • Passwords and PINs
  • Passwords and biometrics
  • Passwords and token-based authentication
  • Token-based authentication and biometrics

Answer :Passwords and token-based authentication

While reviewing the command history for an administrative user, Chris discovers a suspicious command that was captured, shown here:

ln /dev/null ~/.bash_history

What action was this user attempting to perform?


Options are :

  • Enabling the bash history
  • Appending the contents of /dev/null to the bash history
  • Logging all shell commands to /dev/null
  • Allowing remote access from the null shell

Answer :Logging all shell commands to /dev/null

While attempting to stop a rogue service, Monica issues the following Linux command on an Ubuntu system using upstart:

service rogueservice stop

After a reboot, she discovers the service running again. What happened, and what does she need to do to prevent this?


Options are :

  • The service restarted at reboot; she needs to include the "-p", or permanent flag.
  • The service restarted itself; she needs to delete the binary associated with the service.
  • The service restarted at reboot; she should add an .override file to stop the service from starting.
  • A malicious user restarted the service; she needs to ensure users cannot restart services.

Answer :The service restarted at reboot; she should add an .override file to stop the service from starting.

Lucca wants to validate DNS responses to ensure that they are from authoritative DNS servers. What technology can he use to do this?


Options are :

  • DNSSEC
  • DNSCrypt
  • DNShield
  • DNS is an open protocol and does not support secure validation.

Answer :DNSSEC

Nathan has been asked to monitor and manage the environment in which a cybersecurity exercise is conducted. What team is he on?


Options are :

  • Red team
  • White team
  • Blue team
  • Black team

Answer :White team

Allan's nmap scan includes a line that starts with cpe:/o. What type of information should he expect to gather from the entry?


Options are :

  • Common privilege escalation
  • Operating system
  • Certificate performance evaluation
  • Hardware identification

Answer :Operating system

Which of the following items is not typically included in the rules of engagement for a penetration test?


Options are :

  • Timing
  • Authorization
  • Scope
  • Authorized tools

Answer :Authorized tools

Isaac wants to prevent hosts from connecting to known malware distribution domains. What type of solution can he use to do this without deploying endpoint protection software or an IPS?


Options are :

  • Route poisoning
  • Anti-malware router filters
  • Subdomain whitelisting
  • DNS blackholing

Answer :DNS blackholing

While scanning a network, Frank discovers a host running a service on TCP ports 1812 and 1813. What type of server has Frank most likely discovered?


Options are :

  • RADIUS
  • VNC
  • Kerberos
  • Postgres

Answer :RADIUS

While reviewing output from netstat, John sees the following output. What should his next action be?

[minesweeper.exe]

TCP 127.0.0.1:62522 dynamo:0 LISTENING

[minesweeper.exe]

TCP 192.168.1.100 151.101.2.69:https ESTABLISHED


Options are :

  • Capture traffic to 151.101.2.69 using Wireshark.
  • Initiate the organization's incident response plan.
  • Check to see whether 151.101.2.69 is a valid Microsoft address.
  • Ignore it, because this is a false positive.

Answer :Initiate the organization's incident response plan.

Shane wants to conduct an nmap scan of a firewalled subnet. Which of the following is not an nmap firewall evasion technique he could use?


Options are :

  • Fragmenting packets
  • Changing packet header flags
  • Spoofing the source IP
  • Appending random data

Answer :Changing packet header flags

Alex is observing a penetration tester who has gained access to a Windows domain controller. The penetration tester runs a program called fgdump and gathers information from the system. What type of information has the penetration tester targeted?


Options are :

  • File and group information
  • Changing packet header flags
  • Spoofing the source IP
  • Appending random data

Answer :Changing packet header flags

Which of the following commands will provide Ben with the most information about a host?


Options are :

  • dig -x [ip address]
  • host [ip address]
  • nslookup [ip address]
  • zonet [ip address]

Answer :dig -x [ip address]

Selah suspects that the Linux system she has just logged into may be Trojaned and wants to check where the bash shell she is running is being executed from. What command should she run to determine this?


Options are :

  • where bash
  • ls -l bash
  • which bash
  • printenv bash

Answer :which bash

Adam needs to provide ssh access to systems behind his data center firewall. If Adam's organization uses the system architecture shown here, what is the system at point A called?



Options are :

  • A firewall-hopper
  • An isolated system
  • A moat-protected host
  • A jump box

Answer :A jump box

Angela wants to block traffic sent to a suspected malicious host. What iptables rule entry can she use to block traffic to a host with IP address 10.24.31.11?


Options are :

  • iptables -A OUTPUT -d 10.24.31.11 -j DROP
  • iptables -A INPUT -d 10.24.31.11 -j ADD
  • iptables -block -host 10.24.31.11 -j DROP
  • iptables -block -ip 10.24.31.11 -j ADD

Answer :iptables -A OUTPUT -d 10.24.31.11 -j DROP

Fred's reconnaissance of an organization includes a search of the Censys network search engine. There, he discovers multiple certificates with validity dates as shown here:

Validity

2016-07-07 00:00:00 to 2017-08-11 23:59:59 (400 days, 23:59:59)

2016-07-08 00:00:00 to 2017-08-12 23:59:59 (400 days, 23:59:59)

2017-07-11 00:00:00 to 2018-08-15 23:59:59 (400 days, 23:59:59)

What should Fred record in his reconnaissance notes?


Options are :

  • The certificates expired as expected, showing proper business practice.
  • The certificates were expired by the CA, possibly due to nonpayment.
  • The system that hosts the certificates may have been compromised.
  • The CA may have been compromised, leading to certificate expiration.

Answer :The certificates expired as expected, showing proper business practice.

After receiving a penetration test report, Rick has decided to implement anti-harvesting techniques for his organization's DNS. Which of the following sets of techniques is best suited to preventing bulk and automated information gathering?


Options are :

  • CAPTCHA and proxy services
  • Rate limiting and CAPTCHA
  • Not publishing TLD zone files and blacklisting
  • CAPTCHA and blacklisting

Answer :Rate limiting and CAPTCHA

When Casey scanned a network host, she received the results shown here. What does she know based on the scan results?


Options are :

  • The device is a Cisco device.
  • The device is running CentOS.
  • The device was built by IBM.
  • None of the above

Answer :None of the above

What is a document that lists sensitive data-handling rules, contact information, black-box testing, and status meeting schedules called during a penetration test?


Options are :

  • The "get out of jail free" card
  • The rules of engagement
  • Executive sign-off
  • A penetration test standard

Answer :The rules of engagement

Fred conducts an SNMP sweep of a target organization and receives no-response replies from multiple addresses that he believes belong to active hosts. What does this mean?


Options are :

  • The machines are unreachable.
  • The machines are not running SNMP servers.
  • The community string he used is invalid.
  • Any or all of the above may be true.

Answer :Any or all of the above may be true.

Angela wants to gather detailed information about the hosts on a network passively. If she has access to a Wireshark pcap file from the network, which of the following tools can she use to provide automated analysis of the file?


Options are :

  • ettercap
  • NetworkMiner
  • Sharkbait
  • dradis

Answer :NetworkMiner

Rick's security research company wants to gather data about current attacks and sets up a number of intentionally vulnerable systems that allow his team to log and analyze exploits and attack tools. What type of environment has Rick set up?


Options are :

  • A tarpit
  • A honeypot
  • A honeynet
  • A blackhole

Answer :A honeynet

While performing reconnaissance of an organization's network, Angela discovers that web.organization.com, www.organization.com, and documents.organization.com all point to the same host. What type of DNS record allows this?


Options are :

  • A CNAME
  • An MX record
  • An SPF record
  • An SOA record

Answer :A CNAME
