CompTIA JK0-018 Security+ E2C Certified Practice Exam Set 6

Which of the following is designed to ensure high availability of web based applications?

Options are :

  • Load balancers
  • Proxies
  • Routers
  • URL filtering

Answer : Load balancers

220-801 CompTIA A+ Certification Practice Exam Set 12

One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is physically stolen is to implement which of the following?

Options are :

  • Whole disk encryption with two-factor authentication
  • File level encryption with alphanumeric passwords
  • BIOS passwords and two-factor authentication
  • Biometric authentication and cloud storage

Answer : Whole disk encryption with two-factor authentication

One of the most consistently reported software security vulnerabilities that leads to major exploits is:

Options are :

  • Lack of malware detection.
  • Attack surface decrease.
  • Inadequate network hardening.
  • Poor input validation.

Answer : Poor input validation.

A system administrator wants to enable WPA2 CCMP. Which of the following is the only encryption used?

Options are :

  • DES
  • RC4
  • 3DES
  • AES

Answer : AES

220-802 CompTIA A+ Certification Practice Exam Set 9

Which of the following encrypts data a single bit at a time?

Options are :

  • Stream cipher
  • Hashing
  • Steganography
  • 3DES

Answer : Stream cipher

A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access. Which of the following is the BEST approach to implement this process?

Options are :

  • Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login.
  • Web-based form that identifies customer by another mechanism and then emails the customer their forgotten password.
  • Require the customer to physically come into the company?s main office so that the customer can be authenticated prior to their password being reset.
  • Replace passwords with hardware tokens which provide two-factor authentication to the online customer support site.

Answer : Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login.

Which of the following is used to verify data integrity?

Options are :

  • RSA
  • 3DES
  • AES
  • SHA

Answer : SHA

JK0-015 CompTIA E2C Security+ 2008 Edition Practice Exam Set 8

Which of the following provides data the best fault tolerance at the LOWEST cost?

Options are :

  • Load balancing
  • Server virtualization
  • RAID 6
  • Clustering

Answer : RAID 6

Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following?

Options are :

  • Backdoor
  • Logic Bomb
  • Spyware
  • Root Kit

Answer : Backdoor

A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements?

Options are :

  • CA
  • OCSP
  • PKI
  • CRL

Answer : CRL

Comptia Certification Collection

Ann, a security analyst, has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing this executive?s laptop she notices several pictures of the employee?s pets are on the hard drive and on a cloud storage network. When Ann hashes the images on the hard drive against the hashes on the cloud network they do not match. Which of the following describes how the employee is leaking these secrets?

Options are :

  • Hashing
  • Social engineering
  • Digital signatures
  • Steganography

Answer : Steganography

Which of the following provides the strongest authentication security on a wireless network?

Options are :

  • MAC filter
  • WEP
  • Disable SSID broadcast
  • WPA2

Answer : WPA2

The security department has implemented a new laptop encryption product in the environment. The product requires one user name and password at the time of boot up and also another password after the operatinsystem has finished loading. This setup is using which of the following authentication types?

Options are :

  • Single sign-on
  • Single factor authentication
  • Multifactor authentication
  • Two-factor authentication

Answer : Single factor authentication

CompTIA PD1-001 PDI+ Beta Certification Practice Exam Set 13

While previously recommended as a security measure, disabling SSID broadcast is not effective against most attackers because network

Options are :

  • no longer used to authenticate to most wireless networks.
  • contained in all wireless broadcast packets by default.
  • contained in certain wireless packets in plaintext.
  • no longer supported in 802.11 protocols.

Answer : contained in certain wireless packets in plaintext.

Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO).

Options are :

  • Zero day exploits and viruses
  • Clean desk and BYOD
  • Information security awareness
  • Phishing threats and attacks
  • Data handling and disposal
  • Acceptable use of social media

Answer : Information security awareness Phishing threats and attacks

Which of the following practices reduces the management burden of access management?

Options are :

  • Log analysis and review
  • Group based privileges
  • Password complexity policies
  • User account audit

Answer : Group based privileges

NEW! CompTIA A+ 2019 Cert. Core 2 (220-1002) Practice Tests Set 5

The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank?s certificates are still valid?

Options are :

  • Bank?s key escrow
  • Bank?s private key
  • Bank?s CRL
  • Bank?s recovery agent

Answer : Bank?s CRL

A financial company requires a new private network link with a business partner to cater for real-time and batched data flows. Which of the following activities should be performed by the IT security staff member prior to establishing the link?

Options are :

  • SLA reporting
  • Code review
  • Design review
  • Baseline reporting

Answer : Design review

A software firm posts patches and updates to a publicly accessible FTP site. The software firm also posts digitally signed checksums of all patches and updates. The firm does this to address:

Options are :

  • Integrity of the server logs.
  • Confidentiality of downloaded software.
  • Integrity of downloaded software.
  • Availability of the FTP site.

Answer : Integrity of downloaded software.

CA1-001 CompTIA Advanced Security Practitioner Practice Exam Set 7

Users report that after downloading several applications, their systems? performance has noticeably decreased. Which of the followingwould be used to validateprograms prior to installing them?

Options are :

  • SSH
  • Whole disk encryption
  • MD5
  • Telnet

Answer : MD5

The practice of marking open wireless access points is called which of the following?

Options are :

  • War driving
  • War chalking
  • Evil twin
  • War dialing

Answer : War chalking

ABC company has a lot of contractors working for them. The provisioning team does not always get notified that a contractor has left the company. Which of the following policies would prevent contractors from having access to systems in the event a contractor has left?

Options are :

  • Account expiration policy
  • Annual account review
  • Account lockout policy
  • Account disablement

Answer : Account expiration policy

CompTIA JK0-801 A+ Certification Part 2 Practice Exam Set 1

Which of the following security devices can be replicated on a Linux based computer using IP tables to inspect and properly handle network based traffic?

Options are :

  • Sniffer
  • Router
  • Switch
  • Firewall

Answer : Firewall

A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?

Options are :

  • Incident management
  • Chain of custody management
  • Change management
  • Procedure and policy management

Answer : Incident management

A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement?

Options are :

  • PaaS
  • SaaS
  • IaaS
  • MaaS

Answer : MaaS

CompTIA JK0-022 Security Cryptography Certification Exam Set 10

Which of the following concepts is a term that directly relates to customer privacy considerations?

Options are :

  • Personally identifiable information
  • Clean desk policies
  • Information classification
  • Data handling policies

Answer : Personally identifiable information

A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address?

Options are :

  • Authentication
  • Authorization
  • Identification
  • Access control

Answer : Identification

Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?

Options are :

  • Input validation
  • Exception handling
  • Application hardening
  • Fuzzing

Answer : Fuzzing

CT0-101 Convergence+ Certification Practice Exam Set 11

Which of the following is a concern when encrypting wireless data with WEP?

Options are :

  • WEP implements weak initialization vectors for key transmission
  • WEP displays the plain text entire key when wireless packet captures are reassembled
  • WEP uses a very weak encryption algorithm
  • WEP allows for only four pre-shared keys to be configured

Answer : WEP implements weak initialization vectors for key transmission

Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?

Options are :

  • Content discovery
  • Database fingerprinting
  • Endpoint protection
  • Email scanning

Answer : Endpoint protection

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions