CompTIA JK0-022 E2C Security+ Threats & Vulnerabilities Exam Set 3

Purchasing receives an automated phone call from a bank asking to input and verify credit card information. The phone number displayed on the caller ID matches the bank. Which of the following attack types is this?


Options are :

  • Vishing (Correct)
  • Hoax
  • Whaling
  • Phishing

Answer : Vishing

Which of the following can be used by a security administrator to successfully recover a user's forgotten password on a password-protected file?


Options are :

  • Cognitive password
  • Social engineering
  • Brute force (Correct)
  • Password sniffing

Answer : Brute force

Pete's corporation has outsourced help desk services to a large provider. Management has published a procedure that requires all users, when receiving support, to call a special number. Users then need to enter the code provided to them by the help desk technician prior to allowing the technician to work on their PC. Which of the following does this procedure prevent?


Options are :

  • Impersonation (Correct)
  • Transitive Access
  • Collusion
  • Pharming

Answer : Impersonation

Several users' computers are no longer responding normally and are sending out spam email to the users' entire contact list. This is an example of which of the following?


Options are :

  • Logic bomb
  • Worm outbreak (Correct)
  • Botnet
  • Trojan virus

Answer : Worm outbreak

Users at a company report that a popular news website keeps taking them to a web page with derogatory content. This is an example of which of the following?


Options are :

  • DNS poisoning (Correct)
  • Evil twin
  • Session hijacking
  • Vishing

Answer : DNS poisoning

Which of the following is characterized by an attacker attempting to map out an organization's staff hierarchy in order to send targeted emails?


Options are :

  • Impersonation
  • Privilege escalation
  • Whaling (Correct)
  • Spear phishing

Answer : Whaling

A company's employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve the overall security posture by assuring their employees that email originated from the CEO. Which of the following controls could they implement to BEST meet this goal?


Options are :

  • Antivirus software
  • Digital signatures (Correct)
  • Spam filter
  • Digital certificates

Answer : Digital signatures

Several bins are located throughout a building for secure disposal of sensitive information. Which of the following does this prevent?


Options are :

  • Dumpster diving (Correct)
  • War driving
  • Tailgating
  • War chalking

Answer : Dumpster diving

Users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a popular smartphone. This is an example of:


Options are :

  • Scarcity (Correct)
  • Familiarity
  • Intimidation
  • Trust

Answer : Scarcity

A security administrator must implement all requirements in the following corporate policy: Passwords shall be protected against offline password brute force attacks. Passwords shall be protected against online password brute force attacks. Which of the following technical controls must be implemented to enforce the corporate policy? (Select THREE).


Options are :

  • Minimum password length (Correct)
  • Password complexity (Correct)
  • Account lockout (Correct)
  • Minimum password lifetime
  • Screen locks
  • Account expiration

Answer : Minimum password length, Password complexity, Account lockout

Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described?


Options are :

  • Vishing (Correct)
  • Phishing
  • Pharming
  • Tailgating

Answer : Vishing

Timestamps and sequence numbers act as countermeasures against which of the following types of attacks?


Options are :

  • Replay (Correct)
  • Vishing
  • DoS
  • Smurf

Answer : Replay

A recent spike in virus detections has been attributed to end-users visiting www.compnay.com. The business has an established relationship with an organization using the URL of www.company.com but not with the site that has been causing the infections. Which of the following would BEST describe this type of attack?


Options are :

  • Session hijacking
  • Cross-site scripting
  • Spear phishing
  • Typo squatting (Correct)

Answer : Typo squatting

At the outside break area, an employee, Ann, asked another employee to let her into the building because her badge is missing. Which of the following does this describe?


Options are :

  • Whaling
  • Shoulder surfing
  • Impersonation
  • Tailgating (Correct)

Answer : Tailgating

Which of the following BEST describes the type of attack that is occurring?


Options are :

  • Smurf Attack (Correct)
  • Man in the middle
  • Backdoor
  • Replay

Answer : Smurf Attack

Which of the following would BEST deter an attacker trying to brute force 4-digit PIN numbers to access an account at a bank teller machine?


Options are :

  • Account expiration settings
  • PIN history requirements
  • Account lockout settings (Correct)
  • Complexity of PIN

Answer : Account lockout settings

A computer supply company is located in a building with three wireless networks. The system security team implemented a quarterly security scan and saw the following. Which of the following is this an example of?


Options are :

  • Jamming
  • Near field communication
  • Packet sniffing
  • Rogue access point (Correct)

Answer : Rogue access point

Sara, a security administrator, is noticing a slowdown in the wireless network response. Sara launches a wireless sniffer and sees a large number of ARP packets being sent to the AP. Which of the following types of attacks is underway?


Options are :

  • Interference
  • Blue jacking
  • Packet sniffing
  • IV attack (Correct)

Answer : IV attack

A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of 192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link in another tab. Due to clicking the forum link, the home router reboots. Which of the following attacks MOST likely occurred?


Options are :

  • Fuzzing
  • Brute force password attack
  • Cross-site request forgery (Correct)
  • Cross-site scripting

Answer : Cross-site request forgery

Which of the following describes how Sara, an attacker, can send unwanted advertisements to a mobile device?


Options are :

  • Bluejacking (Correct)
  • Packet sniffing
  • Bluesnarfing
  • Man-in-the-middle

Answer : Bluejacking

After a user performed a war driving attack, the network administrator noticed several similar markings where WiFi was available throughout the enterprise. Which of the following is the term used to describe these markings?


Options are :

  • War chalking (Correct)
  • IV attack
  • Rogue access points
  • War dialing

Answer : War chalking

Joe, an employee, is taking a taxi through a busy city and starts to receive unsolicited files sent to his smartphone. Which of the following is this an example of?


Options are :

  • Vishing
  • Bluejacking (Correct)
  • War Driving
  • SPIM

Answer : Bluejacking

While opening an email attachment, Pete, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks?


Options are :

  • Buffer overflow (Correct)
  • Directory traversal
  • Cross-site scripting
  • Header manipulation

Answer : Buffer overflow

The system administrator has been notified that many users are having difficulty connecting to the company's wireless network. They take a new laptop and physically go to the access point and connect with no problems. Which of the following would be the MOST likely cause?


Options are :

  • The certificate used to authenticate users has been compromised and revoked.
  • An unauthorized access point has been configured to operate on the same channel. (Correct)
  • Multiple war drivers in the parking lot have exhausted all available IPs from the pool to deny access.
  • An attacker has gained access to the access point and has changed the encryption keys.

Answer : An unauthorized access point has been configured to operate on the same channel.

Matt, an administrator, is concerned about the wireless network being discovered by war driving. Which of the following can be done to mitigate this?


Options are :

  • Move all access points into public access areas.
  • Disable all SSID broadcasting. (Correct)
  • Enforce a policy for all users to authenticate through a biometric device.
  • Ensure all access points are running the latest firmware.

Answer : Disable all SSID broadcasting.

Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?


Options are :

  • SQL injection (Correct)
  • Buffer overflow and XSS
  • Cookies and attachments
  • Session hijacking and XML injection

Answer : SQL injection

The practice of marking open wireless access points is called which of the following?


Options are :

  • War chalking (Correct)
  • War driving
  • Evil twin
  • War dialing

Answer : War chalking

Which of the following BEST describes a protective countermeasure for SQL injection?


Options are :

  • Installing an IDS to monitor network traffic
  • Validating user input in web applications (Correct)
  • Placing a firewall between the Internet and database servers
  • Eliminating cross-site scripting vulnerabilities

Answer : Validating user input in web applications

An administrator has advised against the use of Bluetooth phones due to bluesnarfing concerns. Which of the following is an example of this threat?


Options are :

  • Unauthorized intrusions into the phone to access data (Correct)
  • An attacker using the phone remotely for spoofing other phone numbers
  • An attacker using exploits that allow the phone to be disabled
  • The Bluetooth enabled phone causing signal interference with the network

Answer : Unauthorized intrusions into the phone to access data

Which of the following wireless protocols could be vulnerable to a brute-force password attack? (Select TWO).


Options are :

  • WPA - EAP - TLS
  • WPA - LEAP (Correct)
  • WPA - CCMP
  • WPA2-PSK (Correct)
  • WPA2-CCMP
  • WEP

Answer : WPA - LEAP, WPA2-PSK
