CompTIA JK0-015 E2C Security+ Certification Practice Test Set 15

A user creates an archive of files that are sensitive and wants to ensure that no one else can access them. Which of the following could be used to assess the security of the archive?


Options are :

  • Protocol analyzer
  • Firewall
  • Port scanner
  • Password cracker (Correct)

Answer : Password cracker

A third party conducted an assessment of a company's network, which resulted in the company's website going offline. Which of the following MOST likely occurred?


Options are :

  • Vulnerability scanners took the system offline
  • Password crackers were used and took the system offline
  • Performance monitors were analyzing the network traffic and took the system offline
  • Penetration testing took the system offline (Correct)

Answer : Penetration testing took the system offline

Which of the following security concerns stem from the use of corporate resources on cell phones? (Select TWO).


Options are :

  • MITM attacks are easy against cell phones.
  • Cell phones are used for P2P gaming.
  • Encryption on cell phones is not always possible. (Correct)
  • There is no antivirus software for cell phones.
  • Cell phones are easily lost or stolen. (Correct)

Answer : Encryption on cell phones is not always possible. Cell phones are easily lost or stolen.

Which of the following could be used to gather evidence against an attacker?


Options are :

  • Network mapper
  • Internet content filter
  • Encryption devices
  • Honeypots (Correct)

Answer : Honeypots

IPSec provides which of the following?


Options are :

  • Payload compression
  • Payload encryption (Correct)
  • NAT traversal
  • New IP headers

Answer : Payload encryption

FC0-U41 CompTIA Strata IT Fundamentals Practice Exam Set 9

A new administrative assistant starts with the company and tries to access the personnel file for the Vice President of Operations, but is denied. Which of the following BEST describes this access control method?


Options are :

  • Job rotation
  • Separation of privilege
  • Implicit deny
  • Least privileg (Correct)

Answer : Least privileg

An administrator is concerned about the amount of time it would take to investigate email that may be subject to inspection during legal proceedings. Which of the following could help limit the company's exposure and the time spent on these types of proceedings?


Options are :

  • Decentralize email servers
  • Storage and retention policies (Correct)
  • Adjust user access rights assignments
  • Encrypting email transmissions

Answer : Storage and retention policies

Which of the following system types would a security administrator need to implement in order to detect and mitigate behavior-based activity on the network?


Options are :

  • NIPS (Correct)
  • Signature-based security devices
  • Antivirus server
  • NIDS

Answer : NIPS

Which of the following centralizes authentication on a wireless network?


Options are :

  • VPN
  • RADIUS (Correct)
  • CHAP
  • RDP

Answer : RADIUS

Which of the following would a security administrator use to perform vulnerability scanning without doing any penetration testing?


Options are :

  • SQL injection
  • Logic bombs
  • Brute force
  • Protocol analyzer (Correct)

Answer : Protocol analyzer

Which of the following is the BEST way to restrict the GUI interface on a workstation?


Options are :

  • Local policy
  • Batch file
  • Group policy (Correct)
  • Registry edits

Answer : Group policy

CT0-101 Convergence+ Certification Practice Exam Set 9

An administrator wants to implement disk encryption and wants to have a disaster recovery plan to decrypt data if the key is unknown. Which of the following should be implemented?


Options are :

  • Certificate revocation list
  • Recovery agent (Correct)
  • Public key infrastructure
  • Certificate authority

Answer : Recovery agent

Which of the following BEST controls traffic between networks?


Options are :

  • Firewall (Correct)
  • HIPS
  • NIDS
  • Access point

Answer : Firewall

A user is issued a new smartcard that stores both their new private and public key. Now the user is unable to open old encrypted emails. Which of the following needs to be completed to resolve the issue?


Options are :

  • Revoke the new private key
  • Restore old public key from the RA
  • Old encrypted email needs to be resent
  • Restore old private key from the RA (Correct)

Answer : Restore old private key from the RA

Which of the following describes a situation where management decided the financial impact is less than the cost of fixing the security threat?


Options are :

  • Risk mitigation
  • Risk denial
  • Risk acceptance (Correct)
  • Rick avoidance

Answer : Risk acceptance

Which of the following offers the MOST difficult to break encryption?


Options are :

  • Block cipher
  • 3DES
  • Blowfish
  • One time pad (Correct)

Answer : One time pad

A cipher lock system is which of the following security method types?


Options are :

  • Proximity reader
  • Door access (Correct)
  • Biometrics
  • Man-trap design

Answer : Door access

JK0-019 CompTIA E2C Network + Certification Exam Set 1

Which of the following is a best practice for managing user accounts?


Options are :

  • Assign users to all groups in order to avoid access problems.
  • Lock out user accounts while the user is on extended leave.
  • Notify account administrators when a user leaves or transfers. (Correct)
  • Use the most privilege rule to grant access to senior users

Answer : Notify account administrators when a user leaves or transfers.

Which of the following is made possible by some commercial virtualization hosting applications?


Options are :

  • Seamless switching between telephony and IP telephony
  • Automatic transfer of applications when hardware fails (Correct)
  • Transfer of network infrastructure components to meet demand
  • Automatic redundancy for power in the event of a blackout

Answer : Automatic transfer of applications when hardware fails

Which of the following is required for an anomaly detection system to evaluate traffic properly?


Options are :

  • Signature
  • Baseline (Correct)
  • Protocol analyzer
  • Vulnerability assessment

Answer : Baseline

Which of the following does a malicious insider install in order to attack the system at a predetermined date?


Options are :

  • Virus
  • Worm
  • Spam
  • Logic bomb (Correct)

Answer : Logic bomb

Which of the following should be done FIRST after creating a formal disaster recovery plan?


Options are :

  • Test the plan. (Correct)
  • Update the plan as needed.
  • Store the plan where all employees can see it
  • Distribute the plan.

Answer : Test the plan.

Which of the following happens to a risk when a company buys insurance to mitigate that risk?


Options are :

  • Avoidance
  • Acceptance
  • Elimination
  • Transference (Correct)

Answer : Transference

SY0-401 CompTIA Security+ Certification Practice Exam Set 9

An administrator believes a user has more access to a financial application than they should. Which of the following policies would this MOST likely violate?


Options are :

  • Server configuration policy
  • Storage and retention
  • User rights assignment (Correct)
  • Group policy

Answer : User rights assignment

Which of the following BEST describes what users are required to provide in a two factor authentication system?


Options are :

  • Two distinct items from one of the authentication factor groups.
  • Two distinct items they know from the same authentication factor group
  • Two distinct items from each of the authentication factor groups
  • Two distinct items from distinct categories of authentication factor groups. (Correct)

Answer : Two distinct items from distinct categories of authentication factor groups.

A security administrator works for a corporation located in a state with strict data breach disclosure laws. Compliance with these local legal regulations requires the security administrator to report data losses due to which of the following?


Options are :

  • Power failures
  • Backup corruption
  • Hacking (Correct)
  • Cryptography

Answer : Hacking

Which of the following can assesses threats in non-encrypted traffic?


Options are :

  • Firewall
  • NIDS (Correct)
  • Internet content filter
  • Proxy server

Answer : NIDS

Which of the following security applications is used to mitigate malware?


Options are :

  • Personal firewall
  • Anti-spam
  • HIDS
  • Anti-spyware (Correct)

Answer : Anti-spyware

A few computers have been off the network for 70 days and a new company policy dictates that all computers that are not on the network for over 60 days need to be disabled. These computers are for a class that is conducted every three months. Which of the following is the BEST solution?


Options are :

  • Add those computers to a special group and set group policy to disable all computers within that group. (Correct)
  • Perform a query every 60 days to identify those computers and disable them all at once.
  • Disable each computer as it reaches 60 days, perform queries every 30 days to identify those computers.
  • Add those computers to a special group and perform a query every 45 days to identify additional computers.

Answer : Add those computers to a special group and set group policy to disable all computers within that group.

CompTIA Network+ 6 Certification Practice Exams - 2019 Set 8

Which of the following is the BEST course of action to ensure an email server is not an open relay?


Options are :

  • Require authentication for all outbound SMTP traffic. (Correct)
  • Require authentication for all inbound SMTP traffic.
  • Block all inbound traffic on SMTP port 25.
  • Require authentication for all inbound and outbound SMTP traffic.

Answer : Require authentication for all outbound SMTP traffic.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions