CompTIA JK0-018 Security+ E2C Certified Practice Exam Set 7

After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?


Options are :

  • Data Handling and Disposal
  • Acceptable Use of IT Systems
  • Information Security Awareness
  • Social Media and BYOD

Answer : Information Security Awareness


In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequences to customer service. Which of the following would include the MOST detail on these objectives?


Options are :

  • Continuity of Operations
  • IT Contingency Plan
  • Business Impact Analysis
  • Disaster Recovery Plan

Answer : Business Impact Analysis

Which of the following protocols is used by IPv6 for MAC address resolution?


Options are :

  • ARP
  • DNS
  • NDP
  • NCP

Answer : NDP

A security administrator wants to test the reliability of an application which accepts user-provided parameters. The administrator is concerned with data integrity and availability. Which of the following should be implemented to accomplish this task?


Options are :

  • Input validation
  • Exception handling
  • Secure coding
  • Fuzzing

Answer : Fuzzing


Which of the following is a common coding error in which boundary checking is not performed?


Options are :

  • Secure coding
  • Cross-site scripting
  • Input validation
  • Fuzzing

Answer : Input validation

A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data?


Options are :

  • WPA2
  • AES
  • RC4
  • 3DES

Answer : 3DES

Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies?


Options are :

  • To reduce the organizational risk
  • To require acceptable usage of IT systems
  • To ensure that false positives are identified
  • To ensure that staff conform to the policy

Answer : To reduce the organizational risk


A security administrator is tasked with calculating the total ALE on servers. In a two year period of time, a company has to replace five servers. Each server replacement has cost the company $4,000 with downtime costing $3,000. Which of the following is the ALE for the company?


Options are :

  • $10,000
  • $7,000
  • $35,000
  • $17,500

Answer : $17,500

A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key. Which of the following attacks is taking place?


Options are :

  • WEP cracking
  • WPA cracking
  • Rogue AP
  • IV attack

Answer : WPA cracking

When using PGP, which of the following should the end user protect from compromise? (Select TWO).


Options are :

  • Key password
  • Private key
  • Public key
  • CRL details

Answer : Key password, Private key


After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window: Which of the following has MOST likely occurred?


Options are :

  • XSRF
  • SQL injection
  • XSS
  • Cookie stealing

Answer : XSRF

Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks. Which of the following concepts would enforce this process?


Options are :

  • Discretionary Access Control
  • Separation of Duties
  • Mandatory Vacations
  • Job Rotation

Answer : Separation of Duties

A new MPLS network link has been established between a company and its business partner. The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidentiality and integrity of all data across the link?


Options are :

  • SSL/TLS for all application flows.
  • HTTPS and SSH for all application flows.
  • IPSec VPN tunnels on top of the MPLS link.
  • MPLS should be run in IPVPN mode.

Answer : IPSec VPN tunnels on top of the MPLS link.


The librarian wants to secure the public Internet kiosk PCs at the back of the library. Which of the following would be the MOST appropriate? (Select TWO).


Options are :

  • Privacy screen
  • Device encryption
  • Antivirus
  • Cable locks

Answer : Antivirus, Cable locks



Options are :

  • IPv4 DNS record
  • IPSEC DNS record
  • IPv6 DNS record
  • DNSSEC record

Answer : IPv6 DNS record

Which of the following provides dedicated hardware-based cryptographic functions to an operating system and its applications running on laptops and desktops?


Options are :

  • CPU
  • HSM
  • FPU
  • TPM

Answer : TPM


Which of the following authentication services should be replaced with a more secure alternative?


Options are :

  • XTACACS
  • TACACS
  • RADIUS
  • TACACS+

Answer : TACACS

Multi-tenancy is a concept found in which of the following?


Options are :

  • Cloud computing
  • Data loss prevention
  • Removable media
  • Full disk encryption

Answer : Cloud computing

Public key certificates and keys that are compromised or were issued fraudulently are listed on which of the following?


Options are :

  • PKI
  • CRL
  • ACL
  • CA

Answer : CRL


The Human Resources department has a parent shared folder set up on the server. Two groups have access to it: one called managers and one called staff. There are many subfolders under the parent shared folder, one of which is called payroll. The parent folder's access control list propagates to all subfolders, and all subfolders inherit the parent permissions. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?


Options are :

  • Implicit deny on the payroll folder for the staff group
  • Remove the staff group from the payroll folder
  • Implicit deny on the payroll folder for the managers group
  • Remove inheritance from the payroll folder

Answer : Implicit deny on the payroll folder for the staff group

Which of the following tests a number of security controls in the least invasive manner?


Options are :

  • Vulnerability scan
  • Penetration test
  • Threat assessment
  • Ping sweep

Answer : Vulnerability scan

Which of the following allows an organization to store a sensitive PKI component with a trusted third party?


Options are :

  • Public Key Infrastructure
  • Private key
  • Key escrow
  • Trust model

Answer : Key escrow


Which of the following disaster recovery strategies has the highest cost and shortest recovery time?


Options are :

  • Hot site
  • Warm site
  • Co-location site
  • Cold site

Answer : Hot site

Which of the following functions provides an output which cannot be reversed and converts data into a string of characters?


Options are :

  • Block ciphers
  • Steganography
  • Hashing
  • Stream ciphers

Answer : Hashing

Which of the following relies on the use of shared secrets to protect communication?


Options are :

  • RADIUS
  • LDAP
  • PKI
  • Kerberos

Answer : RADIUS


Which of the following are examples of network segmentation? (Select TWO).


Options are :

  • Subnet
  • DMZ
  • IDS
  • IaaS

Answer : Subnet, DMZ

An administrator has successfully implemented SSL on srv4.comptia.com using wildcard certificate *.comptia.com, and now wishes to implement SSL on srv5.comptia.com. Which of the following files should be copied from srv4 to accomplish this?


Options are :

  • certificate, private key, and intermediate certificate chain
  • certificate, root certificate, and certificate signing request
  • certificate, intermediate certificate chain, and root certificate
  • certificate, public key, and certificate signing request

Answer : certificate, private key, and intermediate certificate chain

Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website?


Options are :

  • Protocol analyzer
  • VPN concentrator
  • Web security gateway
  • Load balancer

Answer : Load balancer


When an order was submitted via the corporate website, an administrator noted special characters (e.g., “;--” and “or 1=1 --”) were input instead of the expected letters and numbers. Which of the following is the MOST likely reason for the unusual results?


Options are :

  • The user is attempting to hijack the web server session using an open-source browser.
  • The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.
  • The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.
  • The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.

Answer : The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

Which of the following attacks targets high level executives to gain company information?


Options are :

  • Phishing
  • Vishing
  • Whaling
  • Spoofing

Answer : Whaling
