CompTIA CySA+ Set 4

Quentin ran a vulnerability scan of a server in his organization and discovered the results shown here. Which one of the following actions is not required to resolve one of the vulnerabilities on this server?



Options are :

  • Reconfigure cipher support.
  • Apply Windows security patches.
  • Obtain a new SSL certificate.
  • Enhance account security policies.

Answer :Apply Windows security patches.

The presence of ____________ triggers specific vulnerability scanning requirements based upon law or regulation.


Options are :

  • Credit card information
  • Protected health information
  • Personally identifiable information
  • Trade secret information

Answer :Credit card information


Stella is analyzing the results of a vulnerability scan and comes across the vulnerability shown here on a server in her organization. The SharePoint service in question processes all of the organization’s work orders and is a critical part of the routine business workflow.

What priority should Stella place on remediating this vulnerability?


Options are :

  • Stella should make this vulnerability one of her highest priorities.
  • Stella should remediate this vulnerability within the next several weeks.
  • Stella should remediate this vulnerability within the next several months.
  • Stella does not need to assign any priority to remediating this vulnerability.

Answer :Stella should make this vulnerability one of her highest priorities.

Stella is analyzing the results of a vulnerability scan and comes across the vulnerability shown here on a server in her organization. The SharePoint service in question processes all of the organization’s work orders and is a critical part of the routine business workflow. 

What operating system is most likely running on the server in this vulnerability scan report?


Options are :

  • macOS
  • Windows
  • CentOS
  • RHEL

Answer :Windows

Stella is analyzing the results of a vulnerability scan and comes across the vulnerability shown here on a server in her organization. The SharePoint service in question processes all of the organization’s work orders and is a critical part of the routine business workflow.

What is the best way that Stella can correct this vulnerability?


Options are :

  • Deploy an intrusion prevention system.
  • Apply one or more application patches.
  • Apply one or more operating system patches.
  • Disable the service.

Answer :Apply one or more application patches.


Harry is developing a vulnerability scanning program for a large network of sensors used by his organization to monitor a transcontinental gas pipeline. What term is commonly used to describe this type of sensor network?


Options are :

  • WLAN
  • VPN
  • P2P
  • SCADA

Answer :SCADA

This morning, Eric ran a vulnerability scan in an attempt to detect a vulnerability that was announced by a software manufacturer yesterday afternoon. The scanner did not detect the vulnerability although Eric knows that at least two of his servers should have the issue. Eric contacted the vulnerability scanning vendor who assured him that they released a signature for the vulnerability overnight. What should Eric do as a next step?


Options are :

  • Check the affected servers to verify a false positive.
  • Check the affected servers to verify a false negative.
  • Report a bug to the vendor.
  • Update the vulnerability signatures.

Answer :Update the vulnerability signatures.

Natalie ran a vulnerability scan of a web application recently deployed by her organization, and the scan result reported a blind SQL injection. She reported the vulnerability to the developers who scoured the application and made a few modifications but did not see any evidence that this attack was possible. Natalie reran the scan and received the same result. The developers are now insisting that their code is secure. What is the most likely scenario?


Options are :

  • The result is a false positive.
  • The code is deficient and requires correction.
  • The vulnerability is in a different web application running on the same server.
  • Natalie is misreading the scan report.

Answer :The result is a false positive.


Frank discovers a missing Windows security patch during a vulnerability scan of a server in his organization’s data center. Upon further investigation, he discovers that the system is virtualized. Where should he apply the patch?


Options are :

  • To the virtualized system
  • The patch is not necessary
  • To the domain controller
  • To the virtualization platform

Answer :To the virtualized system

Andrew is frustrated at the high level of false positive reports produced by his vulnerability scans and is contemplating a series of actions designed to reduce the false positive rate. Which one of the following actions is least likely to have the desired effect?


Options are :

  • Moving to credentialed scanning
  • Moving to agent-based scanning
  • Integrating asset information into the scan
  • Increasing the sensitivity of scans

Answer :Increasing the sensitivity of scans

Joe is conducting a network vulnerability scan against his data center and receives reports from system administrators that the scans are slowing down their systems. There are no network connectivity issues, only performance problems on individual hosts. He looks at the scan settings shown here. Which setting would be most likely to correct the problem?



Options are :

  • Scan IP addresses in a random order
  • Network timeout (in seconds)
  • Max simultaneous checks per host
  • Max simultaneous hosts per scan

Answer :Max simultaneous checks per host


Brenda runs a vulnerability scan of the management interface for her organization’s DNS service. She receives the vulnerability report shown here. What should be Brenda’s next action?



Options are :

  • Disable the use of cookies on this service.
  • Request that the vendor rewrite the interface to avoid this vulnerability.
  • Investigate the contents of the cookie.
  • Shut down the DNS service.

Answer :Investigate the contents of the cookie.

Donna is prioritizing vulnerability scans and would like to base the frequency of scanning on the information asset value. Which of the following criteria would be most appropriate for her to use in this analysis?


Options are :

  • Cost of hardware acquisition
  • Cost of hardware replacement
  • Types of information processed
  • Depreciated hardware cost

Answer :Types of information processed

Laura is working to upgrade her organization’s vulnerability management program. She would like to add technology that is capable of retrieving the configurations of systems, even when they are highly secured. Many systems use local authentication, and she wants to avoid the burden of maintaining accounts on all of those systems. What technology should Laura consider to meet her requirement?


Options are :

  • Credentialed scanning
  • Uncredentialed scanning
  • Server-based scanning
  • Agent-based scanning

Answer :Agent-based scanning


Javier discovered the vulnerability shown here in a system on his network. He is unsure what system component is affected. What type of service is causing this vulnerability?



Options are :

  • Backup service
  • Database service
  • File sharing
  • Web service

Answer :Database service

Alicia runs a vulnerability scan of a server being prepared for production and finds the vulnerability shown here. Which one of the following actions is least likely to reduce this risk?



Options are :

  • Block all connections on port 22.
  • Upgrade OpenSSH.
  • Disable AES-GCM in the server configuration.
  • Install a network IPS in front of the server.

Answer :Install a network IPS in front of the server.

After scanning his organization’s email server, Frank discovered the vulnerability shown here. What is the most effective response that Frank can take in this situation?



Options are :

  • Upgrade to the most recent version of Microsoft Exchange.
  • Upgrade to the most recent version of Microsoft Windows.
  • Implement the use of strong encryption.
  • No action is required.

Answer :No action is required.


A SQL injection exploit typically gains access to a database by exploiting a vulnerability in a(n) ____________.


Options are :

  • Operating system
  • Web application
  • Database server
  • Firewall

Answer :Web application

Ryan ran a vulnerability scan of one of his organization’s production systems and received the report shown here. He would like to understand this vulnerability better and then remediate the issue.

Ryan will not be able to correct the vulnerability for several days. In the meantime, he would like to configure his intrusion prevention system to watch for issues related to this vulnerability. Which one of the following protocols would an attacker use to exploit this vulnerability?


Options are :

  • SSH
  • HTTPS
  • FTP
  • RDP

Answer :HTTPS

Ryan ran a vulnerability scan of one of his organization’s production systems and received the report shown here. He would like to understand this vulnerability better and then remediate the issue.

Which one of the following actions could Ryan take to remediate the underlying issue without disrupting business activity?


Options are :

  • Disable the IIS service.
  • Apply a security patch.
  • Modify the web application.
  • Apply IPS rules.

Answer :Apply a security patch.


Ryan ran a vulnerability scan of one of his organization’s production systems and received the report shown here. He would like to understand this vulnerability better and then remediate the issue.

If an attacker is able to exploit this vulnerability, what is the probable result that will have the highest impact on the organization?


Options are :

  • Administrative control of the server
  • Complete control of the domain
  • Access to configuration information
  • Access to web application logs

Answer :Administrative control of the server

Ted is configuring vulnerability scanning for a file server on his company’s internal network. The server is positioned on the network as shown here. What types of vulnerability scans should Ted perform to balance the efficiency of scanning effort with expected results?



Options are :

  • Ted should not perform scans of servers on the internal network.
  • Ted should only perform internal vulnerability scans.
  • Ted should only perform external vulnerability scans.
  • Ted should perform both internal and external vulnerability scans.

Answer :Ted should only perform internal vulnerability scans.

Kristen is attempting to determine the next task that she should take on from a list of security priorities. Her boss told her that she should focus on activities that have the most “bang for the buck.” Of the tasks shown here, which should she tackle first?



Options are :

  • Task 1
  • Task 2
  • Task 3
  • Task 4

Answer :Task 1


Kevin manages the vulnerability scans for his organization. The senior director that oversees Kevin’s group provides a report to the CIO on a monthly basis on operational activity, and he includes the number of open critical vulnerabilities. Kevin would like to provide this information to his director in as simple a manner as possible each month. What should Kevin do?


Options are :

  • Provide the director with access to the scanning system.
  • Check the system each month for the correct number and email it to the director.
  • Configure a report that provides the information to automatically send to the director’s email at the proper time each month.
  • Ask an administrative assistant to check the system and provide the director with the information.

Answer :Configure a report that provides the information to automatically send to the director’s email at the proper time each month.

Morgan is interpreting the vulnerability scan from her organization’s network, shown here. She would like to determine which vulnerability to remediate first. Morgan would like to focus on vulnerabilities that are most easily exploitable by someone outside her organization. Assuming the firewall is properly configured, which one of the following vulnerabilities should Morgan give the highest priority?



Options are :

  • Severity 5 vulnerability in the workstation
  • Severity 1 vulnerability in the file server
  • Severity 5 vulnerability in the web server
  • Severity 1 vulnerability in the mail server

Answer :Severity 5 vulnerability in the web server

Mike runs a vulnerability scan against his company’s virtualization environment and finds the vulnerability shown here in several of the virtual hosts. What action should Mike take?



Options are :

  • No action is necessary because this is an informational report.
  • Mike should disable HTTP on the affected devices.
  • Mike should upgrade the version of OpenSSL on the affected devices.
  • Mike should immediately upgrade the hypervisor.

Answer :No action is necessary because this is an informational report.


Juan recently scanned a system and found that it was running services on ports 139 and 445. What operating system is this system most likely running?


Options are :

  • Ubuntu
  • macOS
  • CentOS
  • Windows

Answer :Windows

Gene is concerned about the theft of sensitive information stored in a database. Which one of the following vulnerabilities would pose the most direct threat to this information?


Options are :

  • SQL injection
  • Cross-site scripting
  • Buffer overflow
  • Denial of service

Answer :SQL injection

Which one of the following protocols is not likely to trigger a vulnerability scan alert when used to support a virtual private network (VPN)?


Options are :

  • IPsec
  • SSLv2
  • PPTP
  • SSLv3

Answer :IPsec


Rahul ran a vulnerability scan of a server that will be used for credit card processing in his environment and received a report containing the vulnerability shown here. What action must Rahul take?



Options are :

  • Remediate the vulnerability when possible.
  • Remediate the vulnerability prior to moving the system into production and rerun the scan to obtain a clean result.
  • Remediate the vulnerability within 90 days of moving the system to production.
  • No action is required.

Answer :No action is required.
