CompTIA JK0-018 Security+ E2C Certified Practice Exam Set 5

The security administrator installed a newly generated SSL certificate onto the company web server. Due to a mis-configuration of the website, a downloadable file containing one of the pieces of the key was available to the public. It was verified that the disclosure did not require a reissue of the certificate. Which of the following was MOST likely compromised?


Options are :

  • The file containing the server?s encrypted passwords.
  • The file containing the public key
  • The file containing the recovery agent?s keys.
  • The file containing the private key.

Answer : The file containing the public key

220-702 CompTIA A+ Practical Application Certification Exam Set 3

The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware?


Options are :

  • SHA-512
  • Two Fish
  • HMAC
  • Fuzzy hashes

Answer : Fuzzy hashes

Which of the following provides a static record of all certificates that are no longer valid?


Options are :

  • CA
  • Recovery agent
  • CRLs
  • Private key

Answer : CRLs

The security administrator is analyzing a user?s history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following lines in the user?s history log shows evidence that the user attempted to escape the rootjail?


Options are :

  • cd ../../../../bin/bash
  • whoami
  • ls /root
  • sudo -u root

Answer : cd ../../../../bin/bash

JK0-017 CompTIA E2C Project+ Certification Practice Exam Set 6

Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes?


Options are :

  • Incident management
  • User rights and permissions review
  • Implement security controls on Layer 3 devices
  • Configuration management

Answer : User rights and permissions review

A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Select TWO).


Options are :

  • Detect security incidents
  • Implement monitoring controls
  • Hardening network devices
  • educe attack surface of systems

Answer : Detect security incidents Implement monitoring controls

A security administrator has been tasked with setting up a new internal wireless network that must use end to end TLS. Which of the following may be used to meet this objective?


Options are :

  • HTTPS
  • WEP
  • WPA
  • WPA 2

Answer : WPA 2

CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 9

Key cards at a bank are not tied to individuals, but rather to organizational roles. After a break in, it becomes apparent that extra efforts must be taken to successfully pinpoint who exactly enters secure areas. Which of the following security measures can be put in place to mitigate the issue until a new key card system can be installed?


Options are :

  • Video surveillance
  • Bollards
  • Fencing
  • Proximity readers

Answer : Video surveillance

After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?


Options are :

  • Privilege escalation
  • Advanced persistent threat
  • Malicious insider threat
  • Spear phishing

Answer : Advanced persistent threat

The server administrator has noted that most servers have a lot of free disk space and low memory utilization. Which of the following statements will be correct if the server administrator migrates to a virtual server environment?


Options are :

  • Servers will encounter latency and lowered throughput issues.
  • The administrator will need to deploy load balancing and clustering.
  • The administrator will not be able to add a test virtual environment in the data center.
  • The administrator may spend more on licensing but less on hardware and equipment.

Answer : The administrator may spend more on licensing but less on hardware and equipment.

CAS-001 CompTIA Advanced Security Practitioner Practice Exam Set 1

A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?


Options are :

  • WPA
  • WPA2 CCMP
  • WPA with MAC filtering
  • WPA2 TKIP

Answer : WPA2 CCMP

A security administrator must implement all requirements in the following corporate policy: Passwords shall be protected against offline password brute force attacks. Passwords shall be protected against online password brute force attacks. Which of the following technical controls must be implemented to enforce the corporate policy? (Select THREE).


Options are :

  • Minimum password length
  • Account lockout
  • Password complexity
  • Account expiration
  • Screen locks
  • Minimum password lifetime

Answer : Minimum password length Account lockout Password complexity

A network administrator is looking for a way to automatically update company browsers so they import a list of root certificates from an online source. This online source will then be responsible for tracking which certificates are to be trusted or not trusted. Which of the following BEST describes the service that should be implemented to meet these requirements?


Options are :

  • PKI
  • Trust model
  • OCSP
  • Key escrow

Answer : Trust model

CompTIA LX0-102 Linux Part 2 Certification Practice Exam Set 4

The security consultant is assigned to test a client?s new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing?


Options are :

  • . Gray box
  • White box
  • Black box
  • Penetration

Answer : Black box

Which of the following concepts is used by digital signatures to ensure integrity of the data?


Options are :

  • Non-repudiation
  • Key escrow
  • Transport encryption
  • Hashing

Answer : Hashing

Which of the following was launched against a company based on the following IDS log? 122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET /index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hot bar 4.4.7.0)"


Options are :

  • XSS attack
  • Buffer overflow attack
  • Online password crack
  • SQL injection

Answer : Buffer overflow attack

BR0-001 CompTIA Bridge Security+ Certification Practice Exam Set 2

After a network outage, a PC technician is unable to ping various network devices. The network administrator verifies that those devices are working properly and can be accessed securely. Which of the following is the MOST likely reason the PC technician is unable to ping those devices?


Options are :

  • ICMP is being blocked
  • SSH is not enabled
  • DNS settings are wrong
  • SNMP is not configured properly

Answer : ICMP is being blocked

A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers. This is an example of which of the following types of testing?


Options are :

  • Penetration
  • Black box
  • White box
  • Gray box

Answer : White box

A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data?


Options are :

  • File-level encryption
  • Database field encryption
  • Data loss prevention system
  • Full disk encryption

Answer : Database field encryption

JK0-016 CompTIA Network+ 2009 Edition Practice Exam Set 11

A security architect wishes to implement a wireless network with connectivity to the company?s internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation?


Options are :

  • Filtering test workstations by MAC address
  • Implementing WPA2 - CCMP
  • Implementing WPA2 - TKIP
  • Disabling SSID broadcasting

Answer : Disabling SSID broadcasting

Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?


Options are :

  • Taking a baseline configuration
  • Installing anti-malware
  • Implementing an IDS
  • Disabling unnecessary services

Answer : Disabling unnecessary services

The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?


Options are :

  • MAC filtering
  • Disable SSID broadcast and increase power levels
  • WEP
  • WPA2 CCMP

Answer : WPA2 CCMP

CompTIA JK0-801 A+ Certification Part 2 Practice Exam Set 2

Configuring key/value pairs on a RADIUS server is associated with deploying which of the following?


Options are :

  • Intrusion detection system
  • WPA2-Enterprise wireless network
  • Digital certificates
  • DNS secondary zones

Answer : WPA2-Enterprise wireless network

A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered?


Options are :

  • Symmetric encryption
  • Non-repudiation
  • Hashing
  • Steganography

Answer : Steganography

A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?


Options are :

  • Zero-day
  • Buffer overflow
  • Malicious add-on
  • Cross site scripting

Answer : Buffer overflow

CompTIA JK0-019 E2C Network Media & Topologies Practice Exam Set 5

A company wants to ensure that all credentials for various systems are saved within a central database so that users only have to login once for access to all systems. Which of the following would accomplish this?


Options are :

  • Single Sign-On
  • Same Sign-On
  • Smart card access
  • Multi-factor authentication

Answer : Single Sign-On

A security administrator is reviewing the below output from a password auditing tool: [email protected] @pW1. S3cU4 Which of the following additional policies should be implemented based on the tool?s output?


Options are :

  • Password history
  • Password age
  • Password length
  • Password complexity

Answer : Password length

An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence?


Options are :

  • Imaging based on order of volatility
  • Hashing the image after capture
  • Using a software file recovery disc
  • Mounting the drive in read-only mode

Answer : Mounting the drive in read-only mode

Comptia Linux+ LX0-103 Certification Exam Practice Test Set 3

Which of the following helps to apply the proper security controls to information?


Options are :

  • Encryption
  • Data classification
  • Deduplication
  • Clean desk policy

Answer : Data classification

Which of the following types of security services are used to support authentication for remote users and devices?


Options are :

  • Biometrics
  • RADIUS
  • HSM
  • TACACS

Answer : RADIUS

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions