CompTIA JK0-022 E2C Security+ Threats & Vulnerabilities Exam Set 2

Which of the following is the MOST intrusive type of testing against a production system?


Options are :

  • Penetration testing (Correct)
  • War dialing
  • Vulnerability testing
  • White box testing

Answer : Penetration testing

220-701 A+ Essentials Certification Practice Exam Set 8

Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?


Options are :

  • Design reviews (Correct)
  • Determine attack surface
  • Input validation
  • Baseline reporting

Answer : Design reviews

A financial company requires a new private network link with a business partner to cater for realtime and batched data flows. Which of the following activities should be performed by the IT security staff member prior to establishing the link?


Options are :

  • Baseline reporting
  • Code review
  • Design review (Correct)
  • SLA reporting

Answer : Design review

Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?


Options are :

  • Baseline review (Correct)
  • Penetration test
  • Design review
  • Code review

Answer : Baseline review

Ethical Hacking and CompTIA PenTest+ with 2 Practice Tests Set 2

Several users report to the administrator that they are having issues downloading files from the file server. Which of the following assessment tools can be used to determine if there is an issue with the file server?


Options are :

  • Access list
  • Baselines (Correct)
  • MAC filter list
  • Recovery agent

Answer : Baselines

A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal?


Options are :

  • Vulnerability scanning
  • Honeynets (Correct)
  • Penetration testing
  • Baseline reporting

Answer : Honeynets

Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane?s company?


Options are :

  • Vulnerability scanner
  • Protocol analyzer
  • Port scanner
  • Honeynet (Correct)

Answer : Honeynet

CompTIA Security+ Certification (SY0-501): Sample Tests

Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, wellknown new product. To identify any such users, the security administrator could:


Options are :

  • Block access to the project documentation using a firewall
  • Increase antivirus coverage of the project servers
  • Apply security updates and harden the OS on all project servers.
  • Set up a honeypot and place false project documentation on an unsecure share (Correct)

Answer : Set up a honeypot and place false project documentation on an unsecure share

An administrator is concerned that a company?s web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform?


Options are :

  • Virus scan
  • Vulnerability scan (Correct)
  • Risk assessment
  • Network sniffer

Answer : Vulnerability scan

Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?


Options are :

  • Protocol analyzer
  • Honeypot (Correct)
  • Audit logs
  • Security logs

Answer : Honeypot

CompTIA PD1-001 PDI+ Beta Certification Practice Exam Set 11

A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks?


Options are :

  • SPAM
  • Phishing (Correct)
  • Whaling
  • Vishing

Answer : Phishing

CompTIA CySA+ (CS0-001) 5 Practice Certification Exams Set 4

Which of the following will help prevent smurf attacks?


Options are :

  • Flash the BIOS with the latest firmware
  • Allowing necessary UDP packets in and out of the network
  • Disabling directed broadcast on border routers (Correct)
  • Disabling unused services on the gateway firewall

Answer : Disabling directed broadcast on border routers

A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user?s host:Which of the following attacks has taken place?


Options are :

  • Vishing
  • Pharming (Correct)
  • Phishing
  • Spear phishing

Answer : Pharming

Mike, a user, states that he is receiving several unwanted emails about home loans. Which of the following is this an example of?


Options are :

  • Spam (Correct)
  • Spear phishing
  • Spoofing
  • Hoaxes

Answer : Spam

CompTIA JK0-015 E2C Security+ Certification Practice Test Set 9

A security administrator forgets their card to access the server room. The administrator asks a coworker if they could use their card for the day. Which of the following is the administrator using to gain access to the server room?


Options are :

  • Spoofing
  • Tailgating
  • Impersonation (Correct)
  • Man-in-the-middle

Answer : Impersonation

Which of the following is where an unauthorized device is found allowing access to a network?


Options are :

  • Rogue access point (Correct)
  • Honeypot
  • Bluesnarfing
  • IV attack

Answer : Rogue access point

Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card?


Options are :

  • WEP
  • MAC filtering (Correct)
  • Disabled SSID broadcast
  • TKIP

Answer : MAC filtering

CompTIA JK0-015 E2C Security+ Certification Practice Test Set 5

Ann an employee is visiting Joe, an employee in the Human Resources Department. While talking to Joe, Ann notices a spreadsheet open on Joe?s computer that lists the salaries of all employees in her department. Which of the following forms of social engineering would BEST describe this situation?


Options are :

  • Dumpster diving
  • Impersonation
  • Tailgating
  • Shoulder surfing (Correct)

Answer : Shoulder surfing

All executive officers have changed their monitor location so it cannot be easily viewed when passing by their offices. Which of the following attacks does this action remediate?


Options are :

  • Impersonation
  • Shoulder Surfing (Correct)
  • Whaling
  • Dumpster Diving

Answer : Shoulder Surfing

Purchasing receives a phone call from a vendor asking for a payment over the phone. The phone number displayed on the caller ID matches the vendor?s number. When the purchasing agent asks to call the vendor back, they are given a different phone number with a different area code. Which of the following attack types is this?


Options are :

  • Whaling
  • Spear phishing
  • Hoax
  • Impersonation (Correct)

Answer : Impersonation

CompTIA JK0-801 A+ Laptops Printers and Operational Exam Set 4

Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made, they cannot reach any internal resources, while wired network connections operate smoothly. Which of the following is MOST likely occurring?


Options are :

  • A user has plugged in a personal access point at their desk to connect to the network wirelessly.
  • The company is currently experiencing an attack on their internal DNS servers.
  • The company?s WEP encryption has been compromised and WPA2 needs to be implemented instead.
  • An attacker has installed an access point nearby in an attempt to capture company information. (Correct)

Answer : An attacker has installed an access point nearby in an attempt to capture company information.

Which of the following attacks targets high level executives to gain company information?


Options are :

  • Spoofing
  • Whaling (Correct)
  • Phishing
  • Vishing

Answer : Whaling

Ann, an employee, is cleaning out her desk and disposes of paperwork containing confidential customer information in a recycle bin without shredding it first. This is MOST likely to increase the risk of loss from which of the following attacks?


Options are :

  • Dumpster diving (Correct)
  • Tailgating
  • Spoofing
  • Shoulder surfing

Answer : Dumpster diving

CompTIA CySA+ (CS0-001) 5 Practice Certification Exams Set 1

An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public area overlooking several Automatic Teller Machines (ATMs). It is also believed that user accounts belonging to ATM operators may have been compromised. Which of the following attacks has MOST likely taken place?


Options are :

  • Dumpster diving
  • Whaling attack
  • Vishing attack
  • Shoulder surfing (Correct)

Answer : Shoulder surfing

Physical documents must be incinerated after a set retention period is reached. Which of the following attacks does this action remediate?


Options are :

  • Impersonation
  • Phishing
  • Dumpster Diving (Correct)
  • Shoulder Surfing

Answer : Dumpster Diving

Using proximity card readers instead of the traditional key punch doors would help to mitigate:


Options are :

  • Shoulder surfing (Correct)
  • Dumpster diving
  • Tailgating
  • Impersonation

Answer : Shoulder surfing

CompTIA JK0-801 A+ Networking & PC Hardware Practice Exam Set 4

Which of the following BEST describes the type of attack that is occurring? (Select TWO).


Options are :

  • Backdoor
  • DNS spoofing (Correct)
  • ARP attack (Correct)
  • Replay
  • Man-in-the-middle

Answer : DNS spoofing ARP attack

Which of the following is described as an attack against an application using a malicious file?


Options are :

  • Client side attack (Correct)
  • Phishing attack
  • Spam
  • Impersonation attack

Answer : Client side attack

A database administrator receives a call on an outside telephone line from a person who states that they work for a well-known database vendor. The caller states there have been problems applying the newly released vulnerability patch for their database system, and asks what version is being used so that they can assist. Which of the following is the BEST action for the administrator to take?


Options are :

  • Give the caller the database version and patch level so that they can receive help applying the patch.
  • Call the police to report the contact about the database systems, and then check system logs for attack attempts.
  • Obtain the vendor?s email and phone number and call them back after identifying the number of systems affected by the patch.
  • Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues. (Correct)

Answer : Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues.

CompTIA Security+ Certification (SY0-501): Practice Tests

Sara, an attacker, is recording a person typing in their ID number into a keypad to gain access to the building. Sara then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the following attacks occurred LAST?


Options are :

  • Tailgating
  • Impersonation (Correct)
  • Shoulder surfing
  • Phishing

Answer : Impersonation

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions