CompTIA JK0-022 E2C Security Data & Host Security Exam Set 5

The Chief Risk Officer is concerned about the new employee BYOD device policy and has requested the security department implement mobile security controls to protect corporate data in the event that a device is lost or stolen. The level of protection must not be compromised even if the communication SIM is removed from the device. Which of the following BEST meets the requirements? (Select TWO)


Options are :

  • GEO-Tracking
  • Screen-locks
  • Asset tracking (Correct)
  • Device encryption (Correct)

Answer : Asset tracking, Device encryption

A small company has recently purchased cell phones for managers to use while working outside of the office. The company does not currently have a budget for mobile device management and is primarily concerned with deterring leaks of sensitive information obtained by unauthorized access to unattended phones. Which of the following would provide the solution that BEST meets the company's requirements?


Options are :

  • Remote wiping
  • Screen-lock (Correct)
  • Disable removable storage
  • Full device encryption

Answer : Screen-lock

Which of the following file systems is from Microsoft and was included with their earliest operating systems?


Options are :

  • MTFS
  • UFS
  • NTFS
  • FAT (Correct)

Answer : FAT

Prior to leaving for an extended vacation, Joe uses his mobile phone to take a picture of his family in the house living room. Joe posts the picture on a popular social media site together with the message: "Heading to our two weeks vacation to Italy." Upon returning home, Joe discovers that the house was burglarized. Which of the following is the MOST likely reason the house was burglarized if nobody knew Joe's home address?


Options are :

  • Joe's home address can be easily found using the TRACEROUTE command.
  • The picture uploaded to the social media site was geo-tagged by the mobile phone. (Correct)
  • Joe has enabled the device access control feature on his mobile phone.
  • The message posted on the social media site informs everyone the house will be empty.

Answer : The picture uploaded to the social media site was geo-tagged by the mobile phone.

Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure?


Options are :

  • Cross-site script prevention
  • Application patch management
  • Error and exception handling
  • Application hardening (Correct)

Answer : Application hardening

Which of the following should Matt, a security administrator, include when encrypting smartphones? (Select TWO).


Options are :

  • Internal memory (Correct)
  • Removable memory cards (Correct)
  • Master boot records
  • Public keys
  • Steganography images

Answer : Internal memory, Removable memory cards

A network administrator noticed various chain messages have been received by the company. Which of the following security controls would need to be implemented to mitigate this issue?


Options are :

  • Antivirus
  • Anti-spam (Correct)
  • Anti-spyware
  • Host-based firewalls

Answer : Anti-spam

Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the following BEST meets this need?


Options are :

  • Implement screen locks, device encryption, and remote wipe capabilities. (Correct)
  • Implement firewalls, network access control, and strong passwords.
  • Implement application patch management, antivirus, and locking cabinets.
  • Implement voice encryption, pop-up blockers, and host-based firewalls.

Answer : Implement screen locks, device encryption, and remote wipe capabilities.

Which of the following controls can be implemented together to prevent data loss in the event of theft of a mobile device storing sensitive information? (Select TWO).


Options are :

  • GPS
  • Full device encryption (Correct)
  • Asset tracking
  • Inventory control
  • Screen locks (Correct)

Answer : Full device encryption, Screen locks

Allowing unauthorized removable devices to connect to computers increases the risk of which of the following?


Options are :

  • Data deduplication
  • Data leakage prevention
  • Data exfiltration (Correct)
  • Data classification

Answer : Data exfiltration

A bank has recently deployed mobile tablets to all loan officers for use at customer sites. Which of the following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen?


Options are :

  • GPS
  • Application control
  • Screen-locks
  • Remote wiping (Correct)

Answer : Remote wiping

Which of the following would prevent a user from installing a program on a company-owned mobile device?


Options are :

  • Remote wipe
  • White-listing (Correct)
  • Access control lists
  • Geotagging

Answer : White-listing

An administrator finds that non-production servers are being frequently compromised, production servers are rebooting at unplanned times, and kernel versions are several releases behind the version with all current security fixes. Which of the following should the administrator implement?


Options are :

  • Intrusion detection system
  • Snapshots
  • Patch management (Correct)
  • Sandboxing

Answer : Patch management

Which of the following can be performed when an element of the company policy cannot be enforced by technical means?


Options are :

  • Develop a privacy policy
  • Develop a set of standards
  • User training (Correct)
  • Separation of duties

Answer : User training

Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO).


Options are :

  • Run spyware detection against all workstations.
  • Disable the USB root hub within the OS. (Correct)
  • Disable USB within the workstations' BIOS. (Correct)
  • Install anti-virus software on the USB drives.
  • Apply the concept of least privilege to USB devices.

Answer : Disable the USB root hub within the OS. Disable USB within the workstations' BIOS.

Which of the following is the term for a fix for a known software problem?


Options are :

  • Patch (Correct)
  • Skiff
  • Upgrade
  • Slipstream

Answer : Patch

Vendors typically ship software applications with security settings disabled by default to ensure a wide range of interoperability with other applications and devices. A security administrator should perform which of the following before deploying new software?


Options are :

  • Network penetration testing
  • Application hardening (Correct)
  • Input fuzzing testing
  • Application white listing

Answer : Application hardening

Pete, the system administrator, has concerns regarding users losing their company-provided smartphones. Pete's focus is on equipment recovery. Which of the following BEST addresses his concerns?


Options are :

  • Enforce device passwords.
  • Use remote sanitation.
  • Enable GPS tracking. (Correct)
  • Encrypt stored data.

Answer : Enable GPS tracking.

After a security incident involving a physical asset, which of the following should be done at the beginning?


Options are :

  • Create working images of data in the following order: hard drive then RAM.
  • Record every person who was in possession of assets, continuing post-incident. (Correct)
  • Write a report detailing the incident and mitigation suggestions.
  • Back up storage devices so work can be performed on the devices immediately.

Answer : Record every person who was in possession of assets, continuing post-incident.

Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system?


Options are :

  • Network intrusion detection system
  • Anomaly-based HIDS
  • Input validation (Correct)
  • Peer review

Answer : Input validation

Which of the following practices is used to mitigate a known security vulnerability?


Options are :

  • Application fuzzing
  • Auditing security logs
  • Password cracking
  • Patch management (Correct)

Answer : Patch management

The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing department not to distribute the USB pens due to which of the following?


Options are :

  • The cost associated with distributing a large volume of the USB pens
  • The security costs associated with securing the USB drives over time
  • The security risks associated with combining USB drives and cell phones on a network
  • The risks associated with the large capacity of USB drives and their concealable nature (Correct)

Answer : The risks associated with the large capacity of USB drives and their concealable nature

If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C. Which of the following PKI concepts is this describing?


Options are :

  • Public key trust
  • Domain level trust
  • Certificate authority trust
  • Transitive trust (Correct)

Answer : Transitive trust

Which of the following can a security administrator implement on mobile devices that will help prevent unwanted people from viewing the data if the device is left unattended?


Options are :

  • Screen lock (Correct)
  • Voice encryption
  • GPS tracking
  • Device encryption

Answer : Screen lock

A recently installed application update caused a vital application to crash during the middle of the workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue. Which of the following could BEST prevent this issue from occurring again?


Options are :

  • Application hardening
  • Application patch management (Correct)
  • Application access controls
  • Application configuration baselines

Answer : Application patch management

Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?


Options are :

  • Use only cookies for authentication
  • Use only HTTPS URLs
  • Check the referrer field in the HTTP header (Correct)
  • Disable Flash content

Answer : Check the referrer field in the HTTP header

An IT security technician needs to establish host-based security for company workstations. Which of the following will BEST meet this requirement?


Options are :

  • Implement OS hardening by applying GPOs. (Correct)
  • Implement IIS hardening by restricting service accounts.
  • Implement database hardening by applying vendor guidelines.
  • Implement perimeter firewall rules to restrict access.

Answer : Implement OS hardening by applying GPOs.

A way to assure data at rest is secure even in the event of loss or theft is to use:


Options are :

  • Full device encryption. (Correct)
  • Access Control Lists.
  • Special permissions on the file system.
  • Trusted Platform Module integration.

Answer : Full device encryption.

The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to: (Select TWO).


Options are :

  • Restrict and sanitize use of special characters in input and URLs. (Correct)
  • Use a web proxy to pass website requests between the user and the application.
  • Ensure all HTML tags are enclosed in angle brackets, e.g., < and >.
  • Permit redirection to Internet-facing web URLs.
  • Validate and filter input on the server side and client side. (Correct)

Answer : Restrict and sanitize use of special characters in input and URLs. Validate and filter input on the server side and client side.

Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following?


Options are :

  • Cross-site scripting prevention
  • Creating a security baseline
  • System hardening (Correct)
  • Application patch management

Answer : System hardening
