CompTIA JK0-015 E2C Security+ Certification Practice Test Set 11

A small company wants to hire a security assessment team for the server and network infrastructure. Which of the following needs to be defined before penetration testing occurs?


Options are :

  • Bandwidth requirements
  • Rules of engagement (Correct)
  • Protocols analysis
  • Vulnerability scan

Answer : Rules of engagement

JK0-017 CompTIA E2C Project+ Certification Practice Exam Set 12

A number of users on the company network have been contracting viruses from required social networking sites. Which of the following would be MOST effective to prevent this from happening?


Options are :

  • Honeypot
  • Proxy server (Correct)
  • Firewall
  • NIDS

Answer : Proxy server

Which of the following was created to standardize the security assessment process?


Options are :

  • Network mapper
  • Vulnerability scanner
  • OVAL (Correct)
  • TACACS

Answer : OVAL

Which of the following describes the importance of enacting and maintaining a clean desk policy?


Options are :

  • To ensure that data is kept on encrypted network shares
  • To avoid passwords and sensitive data from being unsecured (Correct)
  • To guarantee that users comply with local laws and regulations
  • To verify that users are utilizing data storage resources

Answer : To avoid passwords and sensitive data from being unsecured

An in-line network device examines traffic and determines that a parameter within a common protocol is well outside of expected boundaries. This is an example of which of the following?


Options are :

  • IV attack detection
  • Signature based detection
  • Behavior based detection
  • Anomaly based detection (Correct)

Answer : Anomaly based detection

An attacker incorrectly submits data on a website’s form and is able to determine the type of database used by the application and the SQL statements used to query that database. Which of the following is responsible for this information disclosure?


Options are :

  • SQL injection
  • Fuzzing
  • Error handling (Correct)
  • XSS

Answer : Error handling

Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?


Options are :

  • War driving (Correct)
  • Rogue APs
  • Packet analysis
  • RF interference

Answer : War driving

SY0-401 CompTIA Security+ Certification Practice Exam Set 6

Based on logs from file servers, remote access systems, and IDS, a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss, but the insider’s lawyer insists the laptop cannot be identified. Which of the following would BEST be used to identify the specific computer used by the insider?


Options are :

  • IP address
  • Computer name
  • User profiles
  • MAC address (Correct)

Answer : MAC address

Which of the following is a method for validating a BCP?


Options are :

  • Annual test (Correct)
  • Disaster recovery planning
  • Review audit logs
  • Business impact analysis

Answer : Annual test

A bulk update process fails and writes incorrect data throughout the database. Which of the following concepts describes what has been compromised?


Options are :

  • Authenticity
  • Integrity (Correct)
  • Availability
  • Confidentiality

Answer : Integrity

Which of the following is the primary purpose of using a digital signature? (Select TWO).


Options are :

  • Non-repudiation (Correct)
  • Confidentiality
  • Integrity (Correct)
  • Encryption
  • Availability

Answer : Non-repudiation Integrity

Which of the following protocols would an administrator MOST likely use to monitor the parameters of network devices?


Options are :

  • SMTP
  • SNMP (Correct)
  • NetBIOS
  • ICMP

Answer : SNMP

Which of the following file transfer protocols is an extension of SSH?


Options are :

  • TFPT
  • FTP
  • SFTP (Correct)
  • FTPS

Answer : SFTP

CompTIA Cloud+ Certification Exam Prep CV002 - 2019 Set 1

Which of the following is MOST likely occurring if a website visitor has passwords harvested from the web browser’s cache?


Options are :

  • XSRF (Correct)
  • Buffer overflow
  • Cookies
  • Pharming

Answer : XSRF

The decision to build a redundant data center MOST likely came from which of the following?


Options are :

  • Business impact analysis (Correct)
  • Security procedures review
  • Utilities cost analysis
  • Application performance monitoring

Answer : Business impact analysis

Which of the following BEST describes an attack whereby unsolicited messages are sent to nearby mobile devices?


Options are :

  • Bluejacking (Correct)
  • War driving
  • Smurf attack
  • Bluesnarfing

Answer : Bluejacking

Which of the following authentication methods is typical among corporate environments to authenticate a list of employees?


Options are :

  • LDAP (Correct)
  • Twofish
  • ACLs
  • Kerberos

Answer : LDAP

A malicious insider obtains a copy of a virtual machine image for a server containing client financial records from the in-house virtualization cluster. Which of the following would BEST prevent the malicious insider from accessing the client records?


Options are :

  • File and folder encryption (Correct)
  • Cloud computing
  • Portable media encryption
  • Separation of duties

Answer : File and folder encryption

Which of the following provides integrity verification when storing data?


Options are :

  • Encryption
  • Hashing (Correct)
  • ACL
  • PKI

Answer : Hashing

JK0-017 CompTIA E2C Project+ Certification Practice Exam Set 14

A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check?


Options are :

  • Anti-spam software
  • ACLs (Correct)
  • Anti-virus software
  • NIDS

Answer : ACLs

An security administrator shows a user a method of hiding information by printing text so small that it appears as a period or colon. Which of the following BEST describes this security type?


Options are :

  • Quantum cryptography
  • Transport encryption
  • Hashing
  • Steganography (Correct)

Answer : Steganography

Which of the following processes collects business/unit requirements as a main input when developing a business continuity plan?


Options are :

  • DRP
  • BIA (Correct)
  • NIST
  • SLA

Answer : BIA

Which of the following protocols implements security at the lowest OSI layer?


Options are :

  • SSH
  • ICMP
  • SSL
  • IPSec (Correct)

Answer : IPSec

Which of the following can be used to help prevent man-in-the-middle attacks?


Options are :

  • SFTP
  • HTTP
  • HTTPS
  • Kerberos (Correct)

Answer : Kerberos

A network administrator must configure an FTP server in active-mode. Which of the following is the control port by default?


Options are :

  • 23
  • 22
  • 20
  • 21 (Correct)

Answer : 21

JK0-016 CompTIA Network+ 2009 Edition Practice Exam Set 12

A security administrator has installed a new server and has asked a network engineer to place the server within VLAN 100. This server can be reached from the Internet, but the security engineer is unable to connect from the server to internal company resources. Which of the following is the MOST likely cause?


Options are :

  • VLAN 100 does not have a default route.
  • The server is connected with a crossover cable.
  • The server is in the DMZ. (Correct)
  • VLAN 100 is on the internal network.

Answer : The server is in the DMZ.

Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?


Options are :

  • 110
  • 143
  • 25 (Correct)
  • 21

Answer : 25

Which of the following is the primary security reason why social networking sites should be blocked in a large corporation?


Options are :

  • The proxy server needs to be specially configured for all social networking sites.
  • The data traffic can cause system strain and can overwhelm the firewall rule sets.
  • The users’ work productivity decreases greatly.
  • The users can unintentionally post sensitive company information. (Correct)

Answer : The users can unintentionally post sensitive company information.

Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?


Options are :

  • Adware
  • Cross-site request forgery
  • Exception handling
  • Cross-site scripting (Correct)

Answer : Cross-site scripting

Upper management decides which risk to mitigate based on cost. This is an example of:


Options are :

  • qualitative risk assessment.
  • quantitative risk assessment (Correct)
  • risk management framework.
  • business impact analysis

Answer : quantitative risk assessment

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions