CompTIA JK0-022 E2C Security Data & Host Security Exam Set 6

Which of the following technical controls helps to prevent Smartphones from connecting to a corporate network?

Options are :

  • Application white listing
  • Mobile device management (Correct)
  • Acceptable use policy
  • Remote wiping

Answer : Mobile device management

CAS-001 CompTIA Advanced Security Practitioner Practice Exam Set 7

Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO).

Options are :

  • Tethering
  • Remote wipe (Correct)
  • Screen lock PIN
  • Device encryption (Correct)
  • Email password
  • GPS tracking

Answer : Remote wipe Device encryption

A company has purchased an application that integrates into their enterprise user directory for account authentication. Users are still prompted to type in their usernames and passwords. Which of the following types of authentication is being utilized here?

Options are :

  • Same sign-on (Correct)
  • Least privilege
  • Single sign-on
  • Separation of duties

Answer : Same sign-on

The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity. Which of the following would be MOST effective for preventing this behavior?

Options are :

  • Acceptable use policies
  • Host-based firewalls
  • Content inspection
  • Application whitelisting (Correct)

Answer : Application whitelisting

CompTIA JK0-801 A+ Networking & PC Hardware Practice Exam Set 11

The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as:

Options are :

  • Stabilizing
  • Hardening (Correct)
  • Reinforcing
  • Toughening

Answer : Hardening

A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates.Which of the following processes could MOST effectively mitigate these risks?

Options are :

  • Application change management
  • Application firewall review
  • Application patch management (Correct)
  • Application hardening

Answer : Application patch management

Without validating user input, an application becomes vulnerable to all of the following EXCEPT:

Options are :

  • Buffer overflow.
  • SQL injection.
  • Spear phishing. (Correct)
  • Command injection.

Answer : Spear phishing.

CompTIA JK0-018 Security+ E2C Certified Practice Exam Set 10

A network administrator is configuring access control for the sales department which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department?

Options are :

  • Domain admin restrictions
  • User assigned privileges
  • Group based privileges (Correct)
  • Time of day restrictions

Answer : Group based privileges

A supervisor in the human resources department has been given additional job duties in the accounting department. Part of their new duties will be to check the daily balance sheet calculations on spreadsheets that are restricted to the accounting group. In which of the following ways should the account be handled?

Options are :

  • The supervisor should only maintain membership in the human resources group.
  • The supervisor should be added to the accounting group while maintaining their membership in the human resources group. (Correct)
  • The supervisor should be removed from the human resources group and added to the accounting group.
  • The supervisor should be allowed to have access to the spreadsheet files, and their membership in the human resources group should be terminated.

Answer : The supervisor should be added to the accounting group while maintaining their membership in the human resources group.

After Matt, a user enters his username and password at the login screen of a web enabled portal, the following appears on his screen: `Please only use letters and numbers on these fields? Which of the following is this an example of?

Options are :

  • Proper error handling
  • Proper input validation (Correct)
  • Improper error handling
  • Improper input validation

Answer : Proper input validation

CompTIA JK0-015 E2C Security+ Certification Practice Test Set 18

Human Resources suspect an employee is accessing the employee salary database. The administrator is asked to find out who it is. In order to complete this task, which of the following is a security control that should be in place?

Options are :

  • Shared accounts should be prohibited. (Correct)
  • Account lockout should be enabled
  • Time of day restrictions should be in use
  • Privileges should be assigned to groups rather than individuals

Answer : Shared accounts should be prohibited.

Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent?

Options are :

  • Buffer overflow (Correct)
  • Pop-up blockers
  • Cross-site scripting
  • Fuzzing

Answer : Buffer overflow

Which of the following is a best practice for error and exception handling?

Options are :

  • Log detailed exception but display generic error message (Correct)
  • Log and display detailed error and exception messages
  • Do not log or display error or exception messages
  • Display detailed exception but log generic error message

Answer : Log detailed exception but display generic error message

220-902 CompTIA A+ Certification Practice Exam Set 4

Which of the following is an application security coding problem?

Options are :

  • Error and exception handling (Correct)
  • Patch management
  • Application fuzzing
  • Application hardening

Answer : Error and exception handling

A program displays: ERROR: this program has caught an exception and will now terminate. Which of the following is MOST likely accomplished by the program?s behavior?

Options are :

  • Operating system?s integrity is maintained (Correct)
  • User?s confidentiality is maintained
  • Program?s availability is maintained
  • Operating system?s scalability is maintained

Answer : Operating system?s integrity is maintained

A new network administrator is setting up a new file server for the company. Which of the following would be the BEST way to manage folder security?

Options are :

  • Assign data owners to each folder and allow them to add individual users to each folder
  • Assign users manually and perform regular user access reviews
  • Create security groups for each folder and assign appropriate users to each group (Correct)
  • Allow read only access to all folders and require users to request permission

Answer : Create security groups for each folder and assign appropriate users to each group

N10-006 CompTIA Network+ Certification Practice Test Set 6

An administrator discovers that many users have used their same passwords for years even though the network requires that the passwords be changed every six weeks. Which of the following, when used together, would BEST prevent users from reusing their existing password? (Select TWO).

Options are :

  • Non-dictionary words
  • Length of password
  • Minimum password age (Correct)
  • Password complexity
  • Password history (Correct)
  • Password expiration

Answer : Minimum password age Password history

A security analyst implemented group-based privileges within the company active directory. Which of the following account management techniques should be undertaken regularly to ensure least privilege principles?

Options are :

  • Verify SHA-256 for password hashes.
  • Perform user group clean-up. (Correct)
  • Leverage role-based access controls.
  • Verify smart card access controls.

Answer : Perform user group clean-up.

Several employee accounts appear to have been cracked by an attacker. Which of the following should the security administrator implement to mitigate password cracking attacks? (Select TWO).

Options are :

  • Implement monitoring of logins
  • Increase password length (Correct)
  • Implement password expiration
  • Implement password history
  • Increase password complexity (Correct)
  • Deploy an IDS to capture suspicious logins

Answer : Increase password length Increase password complexity

CompTIA Network+ 6 Certification Practice Exams - 2019 Set 9

Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking cookie?

Options are :

  • Network based firewall
  • Host based firewall
  • Anti-spam software
  • Anti-spyware software (Correct)

Answer : Anti-spyware software

A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior?

Options are :

  • Enforce a minimum password age policy. (Correct)
  • Increase the password expiration time frame.
  • Assign users passwords based upon job role.
  • Prevent users from choosing their own passwords.

Answer : Enforce a minimum password age policy.

Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?

Options are :

  • Application hardening
  • Fuzzing (Correct)
  • Exception handling
  • Input validation

Answer : Fuzzing

CompTIA JK0-022 E2C Security+ Threats & Vulnerabilities Exam Set 7

Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions?

Options are :

  • Parameterized input
  • Invalid output
  • Valid output
  • Unexpected input (Correct)

Answer : Unexpected input

Which of the following is the below pseudo-code an example of?

Options are :

  • Input validation (Correct)
  • Cross-site scripting prevention
  • Buffer overflow prevention
  • CSRF prevention

Answer : Input validation

Which of the following pseudocodes can be used to handle program exceptions?

Options are :

  • If program module crashes, then restart program module. (Correct)
  • If user?s input exceeds buffer length, then truncate the input.
  • If program detects another instance of itself, then kill program instance.
  • If user enters invalid input, then restart program.

Answer : If program module crashes, then restart program module.

CompTIA JK0-801 A+ Certification Part 2 Practice Exam Set 7

Input validation is an important security defense because it:

Options are :

  • enables verbose error reporting
  • prevents denial of service attacks.
  • protects mis-configured web servers.
  • rejects bad or malformed data. (Correct)

Answer : rejects bad or malformed data.

Which of the following is a common coding error in which boundary checking is not performed?

Options are :

  • Secure coding
  • Fuzzing
  • Input validation (Correct)
  • Cross-site scripting

Answer : Input validation

Which of the following is an important implementation consideration when deploying a wireless network that uses a shared password?

Options are :

  • Server certificate
  • Authentication server
  • EAP method
  • Key length (Correct)

Answer : Key length

FC0-U51 CompTIA IT Fundamentals Certification Exam Set 3

Methods to test the responses of software and web applications to unusual or unexpected inputs are known as:

Options are :

  • HTML encoding.
  • Web crawling.
  • Fuzzing. (Correct)
  • Brute force.

Answer : Fuzzing.

A security administrator wants to test the reliability of an application which accepts user provided parameters. The administrator is concerned with data integrity and availability. Which of the following should be implemented to accomplish this task?

Options are :

  • Fuzzing (Correct)
  • Secure coding
  • Input validation
  • Exception handling

Answer : Fuzzing

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions