CompTIA CySA+ Set 13

Brian’s penetration testing efforts have resulted in him successfully gaining access to a target system. Using the diagram shown here, identify what step occurs at point B in the NIST SP800-115 process flow.




Options are :

  • Vulnerability scanning
  • Discovery
  • Escalating privileges
  • Pivoting

Answer :Escalating privileges

Chris wants to prevent remote login attacks against the root account on a Linux system. What method will stop attacks like this while allowing normal users to use ssh?


Options are :

  • Add an iptables rule blocking root logins.
  • Add root to the sudoers group.
  • Change sshd_config to deny root login.
  • Add a network IPS rule to block root logins.

Answer :Change sshd_config to deny root login.

What term is often used for attackers during a penetration test?


Options are :

  • Black team
  • Blue team
  • Red team
  • Green team

Answer :Red team

CompTIA A+ (220-1001) Test Prep, Exams and Simulations Set 1

Charles uses the following command while investigating a Windows workstation used by his organization’s vice president of finance who only works during normal business hours. Charles believes that the workstation has been used without permission by members of his organization’s cleaning staff after-hours. What does he know if the user ID shown is the only user ID able to log into the system, and he is investigating on August 12, 2017?

C:\Users\bigfish>wmic netlogin get name,lastlogon,badpasswordcount

BadPasswordCount LastLogon Name

NT AUTHORITY\SYSTEM 0 20170811203748.000000-240 Finance\bigfish


Options are :

  • The account has been compromised.
  • No logins have occurred.
  • The last login was during business hours.
  • Charles cannot make any determinations from this information.

Answer :The account has been compromised.

Lauren’s honeynet, shown here, is configured to use a segment of unused network space that has no legitimate servers in it. What type of threats is this design particularly useful for detecting?


Options are :

  • Zero-day attacks
  • SQL injection
  • Network scans
  • DDoS attacks

Answer :Network scans

Angela is designing her organization’s data center network and wants to establish a secure zone and a DMZ. If Angela wants to ensure that user accounts and traffic that manage systems in the DMZ are easily auditable and that all access can be logged while helping prevent negative impacts from compromised or infected workstations, which of the following solutions is Angela’s best design option?


Options are :

  • Administrative virtual machines run on administrator workstations
  • A jump host
  • A bastion host
  • Use ssh or RDP from administrative workstations

Answer :A jump host

CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 11

Fred believes that the malware he is tracking uses a fast flux DNS network, which associates many IP addresses with a single fully qualified domain name as well as using multiple download hosts. How many distinct hosts should he review based on the netflow shown here?

Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows

2017-07-11 14:39:30.606 0.448 TCP 192.168.2.1:1451->10.2.3.1:443 10 1510 1

2017-07-11 14:39:30.826 0.448 TCP 10.2.3.1:443->192.168.2.1:1451 7 360 1

2017-07-11 14:45:32.495 18.492 TCP 10.6.2.4:443->192.168.2.1:1496 5 1107 1

2017-07-11 14:45:32.255 18.888 TCP 192.168.2.1:1496->10.6.2.4:443 11 1840 1

2017-07-11 14:46:54.983 0.000 TCP 192.168.2.1:1496->10.6.2.4:443 1 49 1

2008-12-09 16:45:34.764 0.362 TCP 10.6.2.4:443->192.168.2.1:4292 4 1392 1

2008-12-09 16:45:37.516 0.676 TCP 192.168.2.1:4292->10.6.2.4:443 4 462 1

2008-12-09 16:46:38.028 0.000 TCP 192.168.2.1:4292->10.6.2.4:443 2 89 1

2017-07-11 14:45:23.811 0.454 TCP 192.168.2.1:1515->10.6.2.5:443 4 263 1

2017-07-11 14:45:28.879 1.638 TCP 192.168.2.1:1505->10.6.2.5:443 18 2932 1

2017-07-11 14:45:29.087 2.288 TCP 10.6.2.5:443->192.168.2.1:1505 37 48125 1

2017-07-11 14:45:54.027 0.224 TCP 10.6.2.5:443->192.168.2.1:1515 2 1256 1

2017-07-11 14:45:58.551 4.328 TCP 192.168.2.1:1525->10.6.2.5:443 10 648 1

2017-07-11 14:45:58.759 0.920 TCP 10.6.2.5:443->192.168.2.1:1525 12 15792 1

2017-07-11 14:46:32.227 14.796 TCP 192.168.2.1:1525->10.8.2.5:443 31 1700 1

2017-07-11 14:46:52.983 0.000 TCP 192.168.2.1:1505->10.8.2.5:443 1 40 1


Options are :

  • 1
  • 3
  • 4
  • 5

Answer :4

Rick is auditing a Cisco router configuration and notes the following line:

login block-for 120 attempt 5 with 60

What type of setting has been enabled?


Options are :

  • A DDoS prevention setting
  • A back-off setting
  • A telnet security setting
  • An autologin prevention setting

Answer :A back-off setting

As a U.S. government employee, Michael is required to ensure that the network devices that he procures have a verified chain of custody for every chip and component that goes into them. What is this program known as?


Options are :

  • Gray market procurement
  • Trusted Foundry
  • White market procurement
  • Chain of Procurement

Answer :Trusted Foundry

NEW! CompTIA A+ 2019 Cert. Core 2 (220-1002) Practice Tests Set 1

During a network reconnaissance exercise, Chris gains access to a PC located in a secure network. If Chris wants to locate database and web servers that the company uses, what command-line tool can he use to gather information about other systems on the local network without installing additional tools or sending additional traffic?


Options are :

  • ping
  • traceroute
  • nmap
  • netstat

Answer :netstat

Alice is conducting a penetration test of a client’s systems. As part of her test, she gathers information from the social media feeds of staff members who work for her client. What phase of the NIST penetration testing process is she currently in?


Options are :

  • Social engineering
  • Discovery
  • Analysis
  • Social media profiling

Answer :Discovery

What is the default nmap scan type when nmap is not provided with a scan type flag?


Options are :

  • A TCP FIN scan
  • A TCP connect scan
  • A TCP SYN scan
  • A UDP scan

Answer :A TCP SYN scan

JK0-019 CompTIA E2C Network + Certification Exam Set 3

Isaac wants to grab the banner from a remote web server using commonly available tools. Which of the following tools cannot be used to grab the banner from the remote host?


Options are :

  • netcat
  • telnet
  • wget
  • ftp

Answer :ftp

Charles wants to limit what potential attackers can gather during passive or semipassive reconnaissance activities. Which of the following actions will typically reduce his organization’s footprint the most?


Options are :

  • Limit information available via the organizational website without authentication.
  • Use a secure domain registration.
  • Limit technology references in job postings.
  • Purge all document metadata before posting.

Answer :Limit information available via the organizational website without authentication.

Cassandra’s nmap scan of an open wireless network (192.168.10/24) shows the following host at IP address 192.168.1.1. Which of the following is most likely to be the type of system at that IP address based on the scan results shown?



Options are :

  • A virtual machine
  • A wireless router
  • A broadband router
  • A print server

Answer :A wireless router

220-802 CompTIA A+ Certification Practice Exam Set 10

While reviewing Shodan scan data for his organization, John notices the following entry. Which of the following is false?



Options are :

  • The device allows telnet connections.
  • There is a console port on a nonstandard port.
  • The device requires sshv1.
  • The device is an automated tank gauge.

Answer :The device requires sshv1.

Lauren has local access to a Windows workstation and wants to gather information about the organization that it belongs to. What type of information can she gain if she executes the command nbtstat -c?


Options are :

  • MAC addresses and IP addresses of local systems
  • NetBIOS name-to-IP address mappings
  • A list of all NetBIOS systems that the host is connected to
  • NetBIOS MAC-to-IP address mappings

Answer :NetBIOS name-to-IP address mappings

Tracy believes that a historic version of her target’s website may contain data she needs for her reconnaissance. What tool can she use to review snapshots of the website from multiple points in time?


Options are :

  • Time Machine
  • Morlock
  • Wayback Machine
  • Her target’s web cache

Answer :Wayback Machine

CompTIA PD1-001 PDI+ Beta Certification Practice Exam Set 28

After Kristen received a copy of an nmap scan run by a penetration tester that her company hired, she knows that the tester used the -O flag. What type of information should she expect to see included in the output other than open ports?


Options are :

  • OCMP status
  • Other ports
  • Objective port assessment data in verbose mode
  • Operating system and Common Platform Enumeration (CPE) data

Answer :Operating system and Common Platform Enumeration (CPE) data

Andrea wants to conduct a passive footprinting exercise against a target company. Which of the following techniques is not suited to a passive footprinting process?


Options are :

  • WHOIS lookups
  • Banner grabbing
  • BGP looking glass usage
  • Registrar checks

Answer :Banner grabbing

While gathering reconnaissance data for a penetration test, Charleen uses the MxToolbox MX Lookup tool. What can she determine from the response to her query shown here?



Options are :

  • The mail servers are blacklisted.
  • The mail servers have failed an SMTP test.
  • The mail servers are clustered.
  • There are two MX hosts listed in DNS.

Answer :There are two MX hosts listed in DNS.

CompTIA JK0-801 A+ Networking & PC Hardware Practice Exam Set 3

Alex wants to scan a protected network and has gained access to a system that can communicate to both his scanning system and the internal network, as shown in the image here. What type of nmap scan should Alex conduct to leverage this host if he cannot install nmap on system A?


Options are :

  • A reflection scan
  • A proxy scan
  • A randomized host scan
  • A ping-through scan

Answer :A proxy scan

As a member of a blue team, John observed the following behavior during an external penetration test. What should he report to his managers at the conclusion of the test?



Options are :

  • A significant increase in latency
  • A significant increase in packet loss
  • Latency and packet loss both increased.
  • Latency and packet loss both increased.

Answer :Latency and packet loss both increased.

As part of an organization-wide red team exercise, Frank is able to use a known vulnerability to compromise an Apache web server. Once he has gained access, what should his next step be if he wants to use the system to pivot to protected systems behind the DMZ that the web server resides in?


Options are :

  • Vulnerability scanning
  • Privilege escalation
  • Patching
  • Installing additional tools

Answer :Privilege escalation

CompTIA JK0-019 E2C Network Media & Topologies Practice Exam Set 3

As part of her malware analysis process, Caitlyn diagrams the high-level functions and processes that the malware uses to accomplish its goals. What is this process known as?


Options are :

  • Static analysis
  • Composition
  • Dynamic analysis
  • Decomposition

Answer :Decomposition

Alex has been asked to assess the likelihood of reconnaissance activities against her organization (a small, regional business). Her first assignment is to determine the likelihood of port scans against systems in her organization’s DMZ. How should she rate the likelihood of this occurring?


Options are :

  • Low
  • Medium
  • High
  • There is not enough information for Alex to provide a rating.

Answer :High

Lucy is the SOC operator for her organization and is responsible for monitoring her organization’s SIEM and other security devices. Her organization has both domestic and international sites, and many of their employees travel frequently.

While Lucy is monitoring the SIEM, she notices that all of the log sources from her organization’s New York branch have stopped reporting for the past 24 hours. What type of detection rules or alerts should she configure to make sure she is aware of this sooner next time?


Options are :

  • Heuristic
  • Behavior
  • Availability
  • Anomaly

Answer :Availability

CompTIA PD1-001 PDI+ Beta Certification Practice Exam Set 21

After her discovery in the first part of this question, Lucy is tasked with configuring alerts that are sent to system administrators. She builds a rule that can be represented in pseudocode as follows:

Send a SMS alert every 30 seconds when systems do not send logs for more than 1 minute.

The average administrator at Lucy’s organization is responsible for 150 to 300 machines.

What danger does Lucy’s alert create?


Options are :

  • A DDoS that causes administrators to not be able to access systems
  • A network outage
  • Administrators may ignore or filter the alerts.
  • A memory spike

Answer :Administrators may ignore or filter the alerts.

Lucy is the SOC operator for her organization and is responsible for monitoring her organization’s SIEM and other security devices. Her organization has both domestic and international sites, and many of their employees travel frequently.

Lucy configures an alert that detects when users who do not typically travel log in from other countries. What type of analysis is this?


Options are :

  • Trend
  • Availability
  • Heuristic
  • Behavior

Answer :Behavior

During his analysis of a malware sample, John reviews the malware files and binaries without running them. What type of analysis is this?


Options are :

  • Automated analysis
  • Dynamic analysis
  • Static analysis
  • Heuristic analysis

Answer :Static analysis

220-701 A+ Essentials Certification Practice Exam Set 7

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions