CompTIA JK0-015 E2C Security+ Certification Practice Test Set 23

Which of the following best describes the function of the NIDS?


Options are :

  • Analyzing the LAN transport file sharing software
  • By controlling the spyware traffic to the DMZ
  • By controlling the suspicious traffic in real time
  • Analysis of network traffic for suspicious traffic (Correct)
  • None

Answer : Analysis of network traffic for suspicious traffic

The user reported the problem by resetting the password to the company's website. Help desk is determined by the user was redirected to fraudulent web site. Which of the following best describes the type of attack?


Options are :

  • Spyware
  • logic bomb
  • XSS (Correct)
  • Worm
  • None

Answer : XSS

Which of the following is performed when performing a penetration test?


Options are :

  • Documentation of network security settings, policy gaps and user errors.
  • Documentation vulnerabilities and policy shortcomings.
  • None
  • Demonstrations network capacity and flexibility.
  • Demonstrations of security flaws and shortcomings in policy implementation. (Correct)

Answer : Demonstrations of security flaws and shortcomings in policy implementation.

CompTIA PD1-001 PDI+ Beta Certification Practice Exam Set 12

Which of the following should be protected from disclosure?


Options are :

  • The user's public key
  • The user's private key password (Correct)
  • The revocation list
  • None
  • Public Key Infrastructure

Answer : The user's private key password

What operating system hardening procedures can be implemented to ensure that all systems are the most up to date version available?


Options are :

  • security templates
  • group policies
  • Configuration baselines
  • patch management, (Correct)
  • None

Answer : patch management,

Which of the following is the main difference between role-based access control, and rule-based access control?


Options are :

  • One is based on the job, and the second set in accordance with the approved guidelines. (Correct)
  • Both are based on the job title but a rules-based provides a greater user flexibility.
  • One is based on the identity and the second authentication.
  • None
  • Both are based on regulations issued by the local authorities, but the role-based offers better security.

Answer : One is based on the job, and the second set in accordance with the approved guidelines.

A worker who is a regular user has downloaded the software, allowing the user to join the group administrator. What happens in the following?


Options are :

  • privilege escalation (Correct)
  • Virus
  • None
  • Trojan
  • Buffer overflow

Answer : privilege escalation

Safety Partner is found that the company's Web site contains the source code for suspicious amounts spaces and non-printable characters at the end of each line of code. Which of the following have been used in order to leak sensitive information about the contest?


Options are :

  • None
  • steganography (Correct)
  • encryption
  • code fuzzing
  • obfuscation

Answer : steganography

Which of the following ports is susceptible to DNS poisoning?


Options are :

  • 8080
  • 23
  • None
  • 53 (Correct)
  • 80

Answer : 53

SY0-401 CompTIA Security+ Certification Practice Exam Set 3

The administrator needs to configure permissions for a new print server, the company consists of 320 people in 18 departments. Each department has its own printers. Which of the following is the best way to do this?


Options are :

  • None
  • To accommodate all the people groups of departments. Set the printer to access the printer by matching groups of individuals.
  • Place all the folks distribution groups. Set up the printer access access to the group.
  • To accommodate all the people groups of departments. Set up access to all printers in each group.
  • To accommodate all the people groups of departments. Set up the printer access by matching the group department. (Correct)

Answer : To accommodate all the people groups of departments. Set up the printer access by matching the group department.

Which of the following is an example of a single sign-on?


Options are :

  • Using three individual authentication systems.
  • one authentication authentication of individual systems a factor.
  • Access to individual systems with a single password.
  • Access to multiple systems with one authentication method (Correct)
  • None

Answer : Access to multiple systems with one authentication method

Since the introduction of the new IDS, the administrator will notice the large number of notifications coming to inspect the filter port 445. Which of the following can best help the administrator to determine whether the notifications are false positives?


Options are :

  • firewall log
  • protocol analyzer (Correct)
  • router tables
  • IDS performance monitor
  • None

Answer : protocol analyzer

Safety Partner is worried about the attackers to get within a corporate network server. Which of the following would allow security staff to identify unauthorized access to the server?


Options are :

  • antivirus
  • None
  • Anti-spyware
  • honey Jar
  • HIDs (Correct)

Answer : HIDs

Which of the following is true when a user browsing an HTTPS website will get the message: aa, is? Sitea s certificate is not trusted ?


Options are :

  • None
  • The certificate has expired and was not renewed.
  • CA is not the default revocation list.
  • CA is not the Browser s root list. (Correct)
  • In between, CA was offline.

Answer : CA is not the Browser s root list.

Which of the following should be used to prevent theft device unused funds?


Options are :

  • device encryption
  • GPS tracking
  • HSM
  • None
  • locking cabinet (Correct)

Answer : locking cabinet

Which of the following is most likely to occur if a visitor passwords were collected by Web Browser s cache?


Options are :

  • pharming
  • XSRF (Correct)
  • Cookies
  • Buffer overflow
  • None

Answer : XSRF

Which of the following protocols must be used to ensure that data remains encrypted during transport over the Internet? (Choose three).


Options are :

  • HTTP
  • TFTP
  • FTP
  • SSL (Correct)
  • SSH (Correct)
  • TSL (Correct)

Answer : SSL SSH TSL

JK0-019 CompTIA E2C Network + Certification Exam Set 5

Which of the following mitigation strategies have been established to reduce the risk of performing updates to business-critical systems?


Options are :

  • incident management
  • Managing change (Correct)
  • server clustering
  • forensic analysis
  • None

Answer : Managing change

Security administrator has installed a new server and it has asked the network engineer to place a server, VLAN 100. This server can be reached from the Internet, but the safety engineer does not connect to the server the company's internal resources. Which of the following is the most likely cause?


Options are :

  • None
  • VLAN 100 is not the default route.
  • VLAN 100 is the internal network.
  • The server is connected to the cross-connection cable.
  • The server is in the DMZ. (Correct)

Answer : The server is in the DMZ.

Which of the following best describe a situation where the management of the organization decides not to provide the service offering, because it presents an unacceptable risk to the organization?


Options are :

  • Avoidance (Correct)
  • mitigation
  • Adoption
  • None
  • intimidation

Answer : Avoidance

Which of the following describes the importance of adopting and maintaining a clean desk policy?


Options are :

  • To ensure that data is kept encrypted network shares
  • To avoid passwords and sensitive information from unsecured (Correct)
  • None
  • If you want to make sure that users make use of information storage capacity
  • To guarantee that users comply with local laws and regulations

Answer : To avoid passwords and sensitive information from unsecured

Right wireless antenna placement and radio power setting to reduce the success of the following methods of inquiry?


Options are :

  • the packet analysis circuit
  • rogue APs
  • wardriving (Correct)
  • None
  • RF interference

Answer : wardriving

Which of the following accounting policies should be implemented, if the user tried to log in to their account several times and was disabled for a period of time?


Options are :

  • termination
  • None
  • disability
  • Recovery
  • Lockout (Correct)

Answer : Lockout

JK0-802 CompTIA A+ Certification Exam Set 1

Security administrator presents the user with a method to hide information by printing text so small that it appears on a dotted or colon. Which of the following best describes this type of security?


Options are :

  • traffic encryption
  • hashing
  • None
  • quantum cryptography
  • steganography (Correct)

Answer : steganography

High traffic areas, the guards need to be most concerned about which of the following attacks?


Options are :

  • wardriving
  • shoulder surfing
  • blue jacking
  • tailgating (Correct)
  • None

Answer : tailgating

Which of the following network ACL entries best represent the concept of an implicit deny?


Options are :

  • Prohibit any FTP
  • Prohibit any UDP
  • None
  • deny any (Correct)
  • Deny any TCP

Answer : deny any

In-network device examines the current traffic and determines that the parameter within the common protocol is well outside the expected limits. This is an example, which of the following?


Options are :

  • Behavior-based detection
  • Anomaly-based detection (Correct)
  • None
  • Signature-based detection
  • IV attack detection

Answer : Anomaly-based detection

An administrator wants to offer its 250 employees secure remote access to the corporate network. Which of the following BEST achieve this requirement?


Options are :

  • VPN concentrator (Correct)
  • Web Security Gateway
  • Software-based Firewall
  • Mandatory Access Control (MAC)
  • None

Answer : VPN concentrator

The upper management decides what to mitigate risk based on the cost. This is an example:


Options are :

  • risk management framework.
  • None
  • A qualitative assessment.
  • Analyzing the business impact
  • quantitative risk assessment (Correct)

Answer : quantitative risk assessment

SY0-401 CompTIA Security+ Certification Practice Exam Set 4

The granting of access rights, which of the following protocols is used for multi-challenge responses Authentication, Authorization and Audit?


Options are :

  • TACACS + (Correct)
  • TACACS
  • None
  • RAIN
  • LDAP

Answer : TACACS +

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions