CompTIA JK0-022 E2C Security+ Compliance & Operational Exam Set 4

The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. Which of the following phases of incident response is MOST appropriate as a FIRST response?


Options are :

  • Identification (Correct)
  • Eradication
  • Validation
  • Recovery
  • Containment
  • Follow-up

Answer : Identification

To ensure proper evidence collection, which of the following steps should be performed FIRST?


Options are :

  • Review logs
  • Take hashes from the live system
  • Copy all compromised files
  • Capture the system image (Correct)

Answer : Capture the system image

Which of the following is the BEST reason to provide user awareness and training programs for organizational staff?


Options are :

  • To detail business impact analyses
  • To ensure proper use of social media
  • To reduce organizational IT risk (Correct)
  • To train staff on zero-days

Answer : To reduce organizational IT risk

Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO).


Options are :

  • Acceptable use of social media
  • Clean desk and BYOD
  • Data handling and disposal
  • Phishing threats and attacks (Correct)
  • Information security awareness (Correct)
  • Zero day exploits and viruses

Answer : Phishing threats and attacks; Information security awareness

A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server?


Options are :

  • Format the storage and reinstall both the OS and the data from the most current backup.
  • Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan.
  • Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.
  • Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup. (Correct)

Answer : Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.

Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited budget, which of the following would BEST assist Joe with detecting this activity?


Options are :

  • Install a motion detector near the entrance.
  • Place a full-time guard at the entrance to confirm user identity.
  • Install a camera and DVR at the entrance to monitor access. (Correct)
  • Revoke all proximity badge access to make users justify access.

Answer : Install a camera and DVR at the entrance to monitor access.

Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?


Options are :

  • Email scanning
  • Endpoint protection (Correct)
  • Content discovery
  • Database fingerprinting

Answer : Endpoint protection

Which of the following assets is MOST likely considered for DLP?


Options are :

  • Application server content
  • Reverse proxy
  • USB mass storage devices (Correct)
  • Print server

Answer : USB mass storage devices

The Chief Technical Officer (CTO) has tasked the Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on?


Options are :

  • Eradication
  • Preparation (Correct)
  • Recovery
  • Lessons Learned

Answer : Preparation

Ann would like to forward some Personally Identifiable Information to her HR department by email, but she is worried about the confidentiality of the information. Which of the following will accomplish this task securely?


Options are :

  • Encryption (Correct)
  • Secret Key
  • Digital Signatures
  • Hashing

Answer : Encryption

During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware?


Options are :

  • Preparation (Correct)
  • Identification
  • Lessons Learned
  • Eradication

Answer : Preparation

Which of the following policies is implemented in order to minimize data loss or theft?


Options are :

  • PII handling (Correct)
  • Zero day exploits
  • Password policy
  • Chain of custody

Answer : PII handling

Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network?


Options are :

  • HSM
  • DLP (Correct)
  • TPM
  • CRL

Answer : DLP

After a recent security breach, the network administrator has been tasked to update and back up all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies?


Options are :

  • Lessons learned (Correct)
  • Change management
  • User rights and permissions review
  • Implementing policies to prevent data loss

Answer : Lessons learned

Which of the following helps to apply the proper security controls to information?


Options are :

  • Clean desk policy
  • Deduplication
  • Encryption
  • Data classification (Correct)

Answer : Data classification

The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information?


Options are :

  • First Responder (Correct)
  • Contingency Planning
  • Damage and Loss Control
  • Business Impact Analysis

Answer : First Responder

A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner. Which of the following is the BEST solution to meet the business needs and protect confidential information?


Options are :

  • Prevent impacted outgoing emails
  • Automatically encrypt impacted outgoing emails (Correct)
  • Automatically encrypt impacted incoming emails
  • Monitor impacted outgoing emails

Answer : Automatically encrypt impacted outgoing emails

The Chief Technical Officer (CTO) has tasked the Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on?


Options are :

  • Recovery
  • Preparation (Correct)
  • Lessons Learned
  • Eradication

Answer : Preparation

A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server?


Options are :

  • Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.
  • Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup. (Correct)
  • Format the storage and reinstall both the OS and the data from the most current backup.
  • Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan.

Answer : Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.

A security administrator needs to image a large hard drive for forensic analysis. Which of the following will allow for faster imaging to a second hard drive?


Options are :

  • tail -f /dev/sda > /dev/sdb bs=8k
  • locate /dev/sda /dev/sdb bs=4k
  • dd in=/dev/sda out=/dev/sdb bs=4k (Correct)
  • cp /dev/sda /dev/sdb bs=8k

Answer : dd in=/dev/sda out=/dev/sdb bs=4k

Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device?


Options are :

  • Acceptable use policy
  • Blacklisting
  • Whitelisting (Correct)
  • Authentication

Answer : Whitelisting

A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment?


Options are :

  • Record time offset (Correct)
  • Chain of custody
  • Capture video traffic
  • Tracking man hours

Answer : Record time offset

The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. Which of the following phases of incident response is MOST appropriate as a FIRST response?


Options are :

  • Recovery
  • Identification (Correct)
  • Follow-up
  • Eradication
  • Validation
  • Containment

Answer : Identification

Which of the following is the LEAST volatile when performing incident response procedures?


Options are :

  • RAM
  • Hard drive (Correct)
  • RAID cache
  • Registers

Answer : Hard drive

Computer evidence at a crime is preserved by making an exact copy of the hard disk. Which of the following does this illustrate?


Options are :

  • Order of volatility
  • System image capture (Correct)
  • Chain of custody
  • Taking screenshots

Answer : System image capture

To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?


Options are :

  • Operational
  • Technical (Correct)
  • Management
  • Administrative

Answer : Technical

After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?


Options are :

  • Acceptable Use of IT Systems
  • Social Media and BYOD
  • Information Security Awareness (Correct)
  • Data Handling and Disposal

Answer : Information Security Awareness

Which of the following is the BEST reason to provide user awareness and training programs for organizational staff?


Options are :

  • To ensure proper use of social media
  • To reduce organizational IT risk (Correct)
  • To detail business impact analyses
  • To train staff on zero-days

Answer : To reduce organizational IT risk

In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Select TWO)


Options are :

  • Capture the system image (Correct)
  • Take screen shots
  • Decompile suspicious files
  • Take hashes (Correct)
  • Begin the chain of custody paperwork

Answer : Capture the system image; Take hashes

A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that:


Options are :

  • chain of custody is preserved.
  • HDD hashes are accurate.
  • time offset can be calculated. (Correct)
  • the NTP server works properly.

Answer : time offset can be calculated.
