CompTIA JK0-022 E2C Security+ Compliance & Operational Exam Set 8

After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?


Options are :

  • Patch management system (Correct)
  • Initial baseline configurations
  • Host based firewall
  • Discretionary access control

Answer : Patch management system

A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this?


Options are :

  • Command shell restrictions
  • Restricted interface
  • Warning banners (Correct)
  • Session output pipe to /dev/null

Answer : Warning banners

Which of the following could cause a browser to display the message below? "The security certificate presented by this website was issued for a different website’s address."


Options are :

  • The website is using a wildcard certificate issued for the company’s domain.
  • HTTPS://127.0.01 was used instead of HTTPS://localhost. (Correct)
  • The website is using an expired self-signed certificate.
  • The website certificate was issued by a different CA than what the browser recognizes in its trusted CAs.

Answer : HTTPS://127.0.01 was used instead of HTTPS://localhost.

Which of the following is an example of a false negative?


Options are :

  • Anti-virus protection interferes with the normal operation of an application.
  • A user account is locked out after the user mistypes the password too many times.
  • The IDS does not identify a buffer overflow. (Correct)
  • Anti-virus identifies a benign application as malware.

Answer : The IDS does not identify a buffer overflow.

Which of the following concepts describes the use of a one-way transformation in order to validate the integrity of a program?


Options are :

  • Key escrow
  • Hashing (Correct)
  • Non-repudiation
  • Steganography

Answer : Hashing

Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together?


Options are :

  • Separation of duties
  • Mandatory access control
  • Mandatory vacations (Correct)
  • Least privilege access

Answer : Mandatory vacations

A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect’s emails shows they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered. Which of the following is occurring?


Options are :

  • The user is using steganography. (Correct)
  • The user is using hashing to embed data in the emails.
  • The user is encrypting the data in the outgoing messages.
  • The user is spamming to obfuscate the activity.

Answer : The user is using steganography.

Which of the following should Joe, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?


Options are :

  • Mandatory Vacations (Correct)
  • Privacy Policy
  • Acceptable Use
  • Least Privilege

Answer : Mandatory Vacations

Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or modified in transit. This concern relates to which of the following concepts?


Options are :

  • Availability
  • Accounting
  • Integrity (Correct)
  • Confidentiality

Answer : Integrity

An online store wants to protect user credentials and credit card information so that customers can store their credit card information and use their card for multiple separate transactions. Which of the following database designs provides the BEST security for the online store?


Options are :

  • Hash the credential fields and use encryption for the credit card field (Correct)
  • Use encryption for the credential fields and hash the credit card field
  • Hash both the credential fields and the credit card field
  • Encrypt the username and hash the password

Answer : Hash the credential fields and use encryption for the credit card field

An email client says a digital signature is invalid and the sender cannot be verified. The recipient is concerned with which of the following concepts?


Options are :

  • Integrity (Correct)
  • Availability
  • Remediation
  • Confidentiality

Answer : Integrity

Company A submitted a bid on a contract to do work for Company B via email. Company B was insistent that the bid did not come from Company A. Which of the following would have assured that the bid was submitted by Company A?


Options are :

  • Hashing
  • Digital Signatures (Correct)
  • Encryption
  • Steganography

Answer : Digital Signatures

A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system. Which of the following describes this cause?


Options are :

  • Application hardening
  • False positive (Correct)
  • Baseline code review
  • False negative

Answer : False positive

Mandatory vacations are a security control which can be used to uncover which of the following?


Options are :

  • The need for additional security staff
  • Poor password security among users
  • Fraud committed by a system administrator (Correct)
  • Software vulnerabilities in vendor code

Answer : Fraud committed by a system administrator

Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure?


Options are :

  • A cold site
  • Hardware load balancing
  • A host standby
  • RAID (Correct)

Answer : RAID

After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data. Which of the following controls support this goal?


Options are :

  • Hashing and non-repudiation
  • Encryption and stronger access control (Correct)
  • Contingency planning
  • Redundancy and fault tolerance

Answer : Encryption and stronger access control

Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify that the email came from Joe and decrypt it? (Select TWO).


Options are :

  • The CA’s private key (Correct)
  • The CA’s public key
  • Ann’s private key (Correct)
  • Joe’s public key
  • Joe’s private key
  • Ann’s public key

Answer : The CA’s private key; Ann’s private key

Certificates are used for: (Select TWO).


Options are :

  • Password hashing.
  • Client authentication (Correct)
  • Code signing. (Correct)
  • Access control lists.
  • WEP encryption

Answer : Client authentication; Code signing.

Digital signatures are used for ensuring which of the following items? (Select TWO).


Options are :

  • Integrity (Correct)
  • Non-Repudiation (Correct)
  • Availability
  • Confidentiality
  • Algorithm strength

Answer : Integrity; Non-Repudiation

Which of the following should Pete, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company?


Options are :

  • Acceptable Use
  • Least Privilege
  • Privacy Policy
  • Mandatory Vacations (Correct)

Answer : Mandatory Vacations

A certificate used on an ecommerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire?


Options are :

  • The ecommerce site will not function until the certificate is renewed.
  • The certificate will be added to the Certificate Revocation List (CRL).
  • The ecommerce site will no longer use encryption.
  • Clients will be notified that the certificate is invalid. (Correct)

Answer : Clients will be notified that the certificate is invalid.

A system administrator has been instructed by the head of security to protect their data at rest. Which of the following would provide the strongest protection?


Options are :

  • A host-based intrusion detection system
  • Prohibiting removable media
  • Incorporating a full-disk encryption system (Correct)
  • Biometric controls on data center entry points

Answer : Incorporating a full-disk encryption system

An Information Systems Security Officer (ISSO) has been placed in charge of a classified peer-to-peer network that cannot connect to the Internet. The ISSO can update the antivirus definitions manually, but which of the following steps is MOST important?


Options are :

  • All users must be logged off of the network prior to the installation of the definition file.
  • The definition file must be updated within seven days.
  • The signatures must have a hash value equal to what is displayed on the vendor site. (Correct)
  • A full scan must be run on the network after the DAT file is installed.

Answer : The signatures must have a hash value equal to what is displayed on the vendor site.

A company that has a mandatory vacation policy has implemented which of the following controls?


Options are :

  • Physical control
  • Risk control (Correct)
  • Privacy control
  • Technical control

Answer : Risk control

Some customers have reported receiving an untrusted certificate warning when visiting the company’s website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem?


Options are :

  • The client’s browser is trying to negotiate SSL instead of TLS
  • The encryption key used in the certificate is too short.
  • The intermediate CA certificates were not installed on the server. (Correct)
  • The certificate is not the correct type for a virtual server.

Answer : The intermediate CA certificates were not installed on the server.

Sara, a security administrator, manually hashes all network device configuration files daily and compares them to the previous day’s hashes. Which of the following security concepts is Sara using?


Options are :

  • Confidentiality
  • Availability
  • Compliance
  • Integrity (Correct)

Answer : Integrity

Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies?


Options are :

  • To ensure that staff conform to the policy
  • To ensure that false positives are identified
  • To require acceptable usage of IT systems
  • To reduce the organizational risk (Correct)

Answer : To reduce the organizational risk

A security analyst has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing this executive’s laptop, they notice several pictures of the employee’s pets are on the hard drive and on a cloud storage network. When the analyst hashes the images on the hard drive against the hashes on the cloud network, they do not match. Which of the following describes how the employee is leaking these secrets?


Options are :

  • Steganography (Correct)
  • Social engineering
  • Hashing
  • Digital signatures

Answer : Steganography

Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company’s password policy. Which of the following should Pete do NEXT?


Options are :

  • Tell the application development manager to code the application to adhere to the company’s password policy. (Correct)
  • Inform the Chief Information Officer of non-adherence to the security policy so that the developers can be reprimanded.
  • Contact the Chief Information Officer and ask them to change the company password policy so that the application is made compliant.
  • Ask the application development manager to submit a risk acceptance memo so that the issue can be documented.

Answer : Tell the application development manager to code the application to adhere to the company’s password policy.

While rarely enforced, mandatory vacation policies are effective at uncovering:


Options are :

  • Acts of gross negligence on the part of system administrators with unfettered access to systems and no oversight. (Correct)
  • Help desk technicians with oversight by multiple supervisors and detailed quality control systems.
  • Collusion between two employees who perform the same business function.
  • Acts of incompetence by a systems engineer designing complex architectures as a member of a team.

Answer : Acts of gross negligence on the part of system administrators with unfettered access to systems and no oversight.

Which of the following would a security administrator use to verify the integrity of a file?


Options are :

  • File descriptor
  • Hash (Correct)
  • Time stamp
  • MAC times

Answer : Hash

Ann, a newly hired human resource employee, sent out confidential emails with digital signatures to an unintended group. Which of the following would prevent her from denying accountability?


Options are :

  • Non Repudiation (Correct)
  • Steganography
  • Access Control
  • Email Encryption

Answer : Non Repudiation

Joe, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Joe insisted that he was not aware of any company policy that prohibits the use of such websites. Which of the following is the BEST method to deter employees from the improper use of the company’s information systems?


Options are :

  • Privacy Policy
  • Acceptable Use Policy (Correct)
  • Human Resource Policy
  • Security Policy

Answer : Acceptable Use Policy

The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware?


Options are :

  • Fuzzy hashes (Correct)
  • TwoFish
  • SHA-512
  • HMAC

Answer : Fuzzy hashes

Digital certificates can be used to ensure which of the following? (Select TWO).


Options are :

  • Authorization
  • Non-repudiation (Correct)
  • Availability
  • Confidentiality (Correct)
  • Verification

Answer : Non-repudiation; Confidentiality

Several departments within a company have a business need to send high volumes of confidential information to customers via email. Which of the following is the BEST solution to mitigate unintentional exposure of confidential information?


Options are :

  • Employ exact data matching and encrypt inbound e-mails with Data Loss Prevention.
  • Employ encryption on all outbound emails containing confidential information. (Correct)
  • Employ exact data matching and prevent inbound emails with Data Loss Prevention.
  • Employ hashing on all outbound emails containing confidential information.

Answer : Employ encryption on all outbound emails containing confidential information.

Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results?


Options are :

  • True negatives
  • False positives (Correct)
  • False negatives
  • True positives

Answer : False positives

A software firm posts patches and updates to a publicly accessible FTP site. The software firm also posts digitally signed checksums of all patches and updates. The firm does this to address:


Options are :

  • Integrity of downloaded software (Correct)
  • Integrity of the server logs.
  • Confidentiality of downloaded software.
  • Availability of the FTP site.

Answer : Integrity of downloaded software

It is important for staff who regularly use email to send PII to others to have confidence that their messages are not intercepted or altered during transmission. They are concerned about which of the following types of security control?


Options are :

  • Integrity (Correct)
  • Safety
  • Confidentiality
  • Availability

Answer : Integrity

A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?


Options are :

  • Recover the previous smart card certificates.
  • Make the certificates available to the operating system.
  • Remove all previous smart card certificates from the local certificate store.
  • Publish the new certificates to the global address list. (Correct)

Answer : Publish the new certificates to the global address list.

A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy shopping mall. The company has experienced several laptop thefts from the cafe during peak shopping hours of the day. Corporate has asked that the IT department provide a solution to eliminate laptop theft. Which of the following would provide the IT department with the BEST solution?


Options are :

  • Require each customer to sign an AUP
  • Attach cable locks to each laptop (Correct)
  • Install security cameras within the perimeter of the café
  • Install a GPS tracking device onto each laptop

Answer : Attach cable locks to each laptop

A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as:


Options are :

  • Symmetric cryptography.
  • Salting. (Correct)
  • Rainbow tables.
  • Private key cryptography.

Answer : Salting.
