CompTIA JK0-022 E2C Security+ Threats & Vulnerabilities Exam Set 7

A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs: These attempts are overloading the server to the point that it cannot respond to traffic. Which of the following attacks is occurring?


Options are :

  • Xmas
  • DDoS (Correct)
  • DoS
  • XSS

Answer : DDoS

Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?


Options are :

  • Adware
  • Logic bomb
  • Trojan (Correct)
  • Worm

Answer : Trojan

CompTIA JK0-801 A+ Networking & PC Hardware Practice Exam Set 10

Pete, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production. Which of the following reviews should Jane conduct?


Options are :

  • White Box Testing
  • Business Impact Analysis
  • Gray Box Testing (Correct)
  • Black Box Testing

Answer : Gray Box Testing

Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following?


Options are :

  • Spyware
  • Backdoor (Correct)
  • Root Kit
  • Logic Bomb

Answer : Backdoor

A distributed denial of service attack can BEST be described as:


Options are :

  • Multiple attackers attempting to gain elevated privileges on a target system.
  • Multiple computers attacking a single target in an organized attempt to deplete its resources. (Correct)
  • Invalid characters being entered into a field in a database application.
  • Users attempting to input random or invalid data into fields within a web browser application.

Answer : Multiple computers attacking a single target in an organized attempt to deplete its resources.

220-802 CompTIA A+ Certification Practice Exam Set 4

Which of the following malware types typically allows an attacker to monitor a user?s computer, is characterized by a drive-by download, and requires no user interaction?


Options are :

  • Virus
  • Logic bomb
  • Spyware (Correct)
  • Adware

Answer : Spyware

Which of the following malware types may require user interaction, does not hide itself, and is commonly identified by marketing pop-ups based on browsing habits?


Options are :

  • Botnet
  • Virus
  • Rootkit
  • Adware (Correct)

Answer : Adware

An IT auditor tests an application as an authenticated user. This is an example of which of the following types of testing?


Options are :

  • Black box
  • Gray box (Correct)
  • Penetration
  • White box

Answer : Gray box

JK0-019 CompTIA E2C Network + Certification Exam Set 5

Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the following should Jane perform?


Options are :

  • Vulnerability assessment (Correct)
  • Penetration testing
  • Black box testing
  • White box testing

Answer : Vulnerability assessment

Pete, the security engineer, would like to prevent wireless attacks on his network. Pete has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address?


Options are :

  • ARP poisoning
  • Man-in-the-middle
  • Rogue access point (Correct)
  • Interference

Answer : Rogue access point

Which of the following tests a number of security controls in the least invasive manner?


Options are :

  • Threat assessment
  • Penetration test
  • Ping sweep
  • Vulnerability scan (Correct)

Answer : Vulnerability scan

Practice Exam : CompTIA A+ Certification 220-902

Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?


Options are :

  • Port scanning
  • Black box
  • Vulnerability scanning (Correct)
  • Penetration testing

Answer : Vulnerability scanning

Joe a company?s new security specialist is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a large amount of false positives or failed audits. Which of the following should Joe recommend to remediate these issues?


Options are :

  • Ensure the vulnerability scanner is attempting to exploit the weaknesses it discovers
  • Ensure the vulnerability scanner is configured to authenticate with a privileged account
  • Ensure the vulnerability scanner is conducting antivirus scanning
  • Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company?s servers (Correct)

Answer : Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company?s servers

A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:


Options are :

  • White box testing
  • Gray box testing
  • Black box testing (Correct)
  • Black hat testing

Answer : Black box testing

SY0-401 CompTIA Security+ Certification Practice Exam Set 8

An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause?


Options are :

  • Privilege escalation
  • Spyware
  • Trojan
  • DoS (Correct)

Answer : DoS

A user, Ann, is reporting to the company IT support group that her workstation screen is blank other than a window with a message requesting payment or else her hard drive will be formatted. Which of the following types of malware is on Ann?s workstation?


Options are :

  • Adware
  • Trojan
  • Spyware
  • Ransomware (Correct)

Answer : Ransomware

A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?


Options are :

  • Vulnerability scan (Correct)
  • Load testing
  • Penetration test
  • Port scanner

Answer : Vulnerability scan

CompTIA CySA+ Set 3

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions