CompTIA JK0-018 Security+ E2C Certified Practice Exam Set 3

Which of the following should Joe, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?


Options are :

  • Mandatory Vacations
  • Least Privilege
  • Acceptable Use
  • Privacy Policy

Answer : Mandatory Vacations


When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO).


Options are :

  • Methods to exchange essential information to and from all response team members, employees, suppliers, and customers.
  • Methods and templates to respond to press requests, institutional and regulatory reporting requirements.
  • Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential.
  • Developed recovery strategies, test plans, post-test evaluation and update processes.

Answer : Methods to exchange essential information to and from all response team members, employees, suppliers, and customers. Methods and templates to respond to press requests, institutional and regulatory reporting requirements.

The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information?


Options are :

  • Contingency Planning
  • Business Impact Analysis
  • Damage and Loss Control
  • First Responder

Answer : First Responder

Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application?


Options are :

  • Protocol analyzer
  • Port scanner
  • Vulnerability scan
  • Penetration test

Answer : Vulnerability scan


Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this?


Options are :

  • Full Interruption test
  • Structured walk through
  • Check list test
  • Table top exercise

Answer : Structured walk through

Which of the following attacks targets high level executives to gain company information?


Options are :

  • Phishing
  • Spoofing
  • Whaling
  • Vishing

Answer : Whaling

A security administrator wants to deploy a physical security control to limit an individual's access into a sensitive area. Which of the following should be implemented?


Options are :

  • Bollards
  • CCTV
  • Spike strip
  • Guards

Answer : Guards


The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) is to: (Select TWO).


Options are :

  • Permit redirection to Internet-facing web URLs.
  • Restrict and sanitize use of special characters in input and URLs.
  • Use a web proxy to pass website requests between the user and the application.
  • Ensure all HTML tags are enclosed in angle brackets, e.g., "<" and ">".
  • Validate and filter input on the server side and client side.

Answer : Restrict and sanitize use of special characters in input and URLs. Validate and filter input on the server side and client side.
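The answer above names input filtering, which stops injection-style payloads but does not by itself stop a forged request: in a CSRF attack the request is well-formed, it just did not come from a page the user intended to submit. The control that blocks it is a per-session anti-CSRF token that the attacker's page cannot read. The following is an added example, not part of the original exam set; the in-memory session store, the expected origin https://shop.example and the handler names are assumptions of the example.

```python
import hmac
import secrets

# Constructed in-memory session store standing in for the web framework's
# session (an assumption of this example, not part of the original page).
SESSIONS = {}

EXPECTED_ORIGIN = "https://shop.example"  # assumed site origin


def new_session():
    """Create a session and mint a fresh, unguessable CSRF token for it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """The token the server embeds as a hidden field in every state-changing form."""
    return SESSIONS[sid]["csrf_token"]


def handle_post(sid, form, origin=None):
    """Process a state-changing POST.

    sid    -- session id taken from the session cookie
    form   -- submitted form fields as a dict
    origin -- value of the Origin header, or None if the browser sent none
    Returns (status, reason).
    """
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "no session"

    # Check 1: when the browser sends Origin, a value from another site means
    # the form was submitted by a page we did not serve.
    if origin is not None and origin != EXPECTED_ORIGIN:
        return 403, "cross-origin request"

    # Check 2: the per-session token must be present and match. The attacker's
    # page runs under a different origin and cannot read our form, so a forged
    # request arrives without it. Constant-time compare avoids timing leaks.
    submitted = form.get("csrf_token", "")
    expected = session["csrf_token"]
    if not hmac.compare_digest(submitted.encode("utf-8"), expected.encode("utf-8")):
        return 403, "missing or invalid CSRF token"

    return 200, "order placed"


if __name__ == "__main__":
    sid = new_session()
    token = csrf_token_for(sid)
    # Legitimate submission carries the token the server put in the form.
    print(handle_post(sid, {"item": "widget", "csrf_token": token}))
    # Forged submission from another site has no way to include it.
    print(handle_post(sid, {"item": "widget"}, origin="https://evil.example"))
```

In a real deployment the token check sits beside, not instead of, a `SameSite=Lax` or `Strict` attribute on the session cookie, and the Origin/Referer check is a defence-in-depth layer because some clients omit those headers.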

Which of the following is the MOST intrusive type of testing against a production system?


Options are :

  • War dialing
  • White box testing
  • Penetration testing
  • Vulnerability testing

Answer : Penetration testing

Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Select TWO).


Options are :

  • Rootkit
  • Logic Bomb
  • Botnet
  • Backdoor

Answer : Logic Bomb, Backdoor


Which of the following consists of peer assessments that help identify security threats and vulnerabilities?


Options are :

  • Risk assessment
  • Baseline reporting
  • Alarms
  • Code reviews

Answer : Code reviews

Which of the following uses port 22 by default? (Select THREE).


Options are :

  • TLS
  • SSL
  • SSH
  • SCP
  • SFTP

Answer : SSH, SCP, SFTP

A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to logon to a server. These are examples of which of the following?


Options are :

  • Multifactor authentication
  • Separation of duties
  • Single factor authentication
  • Identification

Answer : Single factor authentication


An internal auditing team would like to strengthen the password policy to support special characters. Which of the following types of password controls would achieve this goal?


Options are :

  • Allow single sign on
  • Increase password length
  • Add reverse encryption
  • Password complexity

Answer : Password complexity

Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?


Options are :

  • Honeypot
  • Port scanner
  • Vulnerability scanner
  • Protocol analyzer

Answer : Protocol analyzer

A perimeter survey finds that the wireless network within a facility is easily reachable outside of the physical perimeter. Which of the following should be adjusted to mitigate this risk?


Options are :

  • MAC filter
  • CCMP
  • Power level controls
  • SSID broadcast

Answer : Power level controls


Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?


Options are :

  • URL Content Filter
  • Web Application Firewall
  • Intrusion Detection System
  • Flood Guard Protection

Answer : Web Application Firewall

A major security risk with co-mingling of hosts with different security requirements is:


Options are :

  • Zombie attacks.
  • Password compromises.
  • Privilege creep.
  • Security policy violations.

Answer : Security policy violations.

Joe, the security administrator, has determined that one of his web servers is under attack. Which of the following can help determine where the attack originated from?


Options are :

  • Record time offset
  • Capture system image
  • Screenshots
  • Network sniffing

Answer : Network sniffing


When an order was submitted via the corporate website, an administrator noted special characters (e.g., “;--” and “or 1=1 --”) were input instead of the expected letters and numbers. Which of the following is the MOST likely reason for the unusual results?


Options are :

  • The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.
  • The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.
  • The user is attempting to hijack the web server session using an open-source browser.
  • The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.

Answer : The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

An advantage of virtualizing servers, databases, and office applications is:


Options are :

  • Decentralized management.
  • Stronger access control.
  • Centralized management
  • Providing greater resources to users

Answer : Centralized management

The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this?


Options are :

  • Disable the SSID broadcasting
  • Configure the access points so that MAC filtering is not used
  • Implement WEP encryption on the access points
  • Lower the power for office coverage only

Answer : Lower the power for office coverage only


A set of standardized system images with a pre-defined set of applications is used to build end-user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the:


Options are :

  • OS hardening effectiveness.
  • Application baseline.
  • Application hardening effectiveness.
  • Attack surface.

Answer : Attack surface.

Which of the following can be used as an equipment theft deterrent?


Options are :

  • Screen locks
  • Cable locks
  • Whole disk encryption
  • GPS tracking

Answer : Cable locks

The string: ' or 1=1-- - represents which of the following?


Options are :

  • Rogue access point
  • SQL Injection
  • Client-side attacks
  • Bluejacking

Answer : SQL Injection
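Both this question and the earlier one about the order form (the `;--` and `or 1=1 --` strings) turn on the same mechanism: user input pasted into the text of a SQL statement is parsed as SQL. The following is an added example, not part of the original exam set, that shows the string from this question against a vulnerable lookup and against the parameterised fix, plus the kind of check the administrator in the earlier question could run over submitted fields. The `orders` table, its rows and the function names are constructed for the example.

```python
import re
import sqlite3

# Constructed sample data standing in for the corporate website's database
# (an assumption of this example, not from the original page).
SAMPLE_ORDERS = [
    (1, "alice", "widget", 3),
    (2, "bob", "gadget", 1),
    (3, "carol", "widget", 7),
]


def build_db():
    """Create an in-memory SQLite database with the sample orders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, customer TEXT, item TEXT, qty INTEGER)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", SAMPLE_ORDERS)
    return conn


def lookup_vulnerable(conn, customer):
    """Vulnerable: the user's value becomes part of the statement text.

    With customer = "' or 1=1-- -" the statement becomes
      ... WHERE customer = '' or 1=1-- -'
    The quote closes the literal, `or 1=1` is always true, and `--` comments
    out the rest of the line, so every row comes back.
    """
    sql = "SELECT id, customer, item, qty FROM orders WHERE customer = '%s'" % customer
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, customer):
    """Fixed: the value is bound as a parameter and is never parsed as SQL.

    The same payload is now just a customer name that matches nothing.
    """
    sql = "SELECT id, customer, item, qty FROM orders WHERE customer = ?"
    return conn.execute(sql, (customer,)).fetchall()


# Heuristic for the strings the administrator noticed: comment sequences,
# statement separators and `or <x>=<y>` tautologies. Deliberately does not
# flag a lone apostrophe, so names like O'Brien do not trip it.
SQLI_PATTERN = re.compile(r"(--|;|/\*|\bor\b\s+\S+\s*=\s*\S+)", re.IGNORECASE)


def looks_like_sqli(value):
    """True if a submitted field contains an injection-style fragment."""
    return bool(SQLI_PATTERN.search(value))


def flag_suspicious_fields(form):
    """Return the names of form fields whose values look like injection attempts."""
    return sorted(name for name, value in form.items() if looks_like_sqli(value))


if __name__ == "__main__":
    conn = build_db()
    payload = "' or 1=1-- -"
    print("vulnerable:", lookup_vulnerable(conn, payload))     # all three rows
    print("parameterized:", lookup_parameterized(conn, payload))  # []
    # Constructed order submission like the one in the earlier question.
    order = {"customer": "' or 1=1 --", "item": "widget", "qty": ";--", "note": "O'Brien"}
    print("flagged:", flag_suspicious_fields(order))  # ['customer', 'qty']
```

The heuristic is a detection aid for reviewing submissions, not a substitute for the parameterised query: a filter can always be evaded, while a bound parameter cannot change the statement's structure.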


End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer:


Options are :

  • First and last name.
  • Date of birth.
  • Employer name.
  • Phone number.

Answer : Date of birth.

A network administrator is configuring access control for the sales department which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department?


Options are :

  • Time of day restrictions
  • Domain admin restrictions
  • User assigned privileges
  • Group based privileges

Answer : Group based privileges

After encrypting all laptop hard drives, an executive officer's laptop has trouble booting to the operating system. Now that it is successfully encrypted the helpdesk cannot retrieve the data. Which of the following can be used to decrypt the information for retrieval?


Options are :

  • Public key
  • Private key
  • Recovery agent
  • Trust models

Answer : Recovery agent


Which of the following ports is used for SSH, by default?


Options are :

  • 23
  • 12
  • 32
  • 22

Answer : 22

A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. Which of the following practices is being implemented?


Options are :

  • Mandatory vacations
  • Separation of duties
  • Job rotation
  • Least privilege

Answer : Job rotation
