CompTIA Security+ Cert. (SY0-501): Practice Tests 2019 Set 6

A developer is creating an application that will encrypt and decrypt data on mobile devices. These devices donít have a lot of processing power. Which of the following cryptographic methods has the LEAST overhead and will work with these mobile devices?



Options are :

  • B. 3DES
  • D. Bcrypt
  • A. Elliptic curve (Correct)
  • C. PBKDF2

Answer : A. Elliptic curve

SY0-401 CompTIA Security+ Certification Practice Exam Set 4

Your company wants to control access to a restricted area of the building by adding an additional physical security control that includes facial recognition. Which of the following provides the BEST solution?



Options are :

  • D. Cameras
  • C. Retina scanners
  • A. Bollards
  • B. Guards (Correct)

Answer : B. Guards

Lisa is a training instructor and she maintains a training lab with 18 computers. She has enough rights and permissions on these machines so that she can configure them as needed for classes. However, she does not have the rights to add them to the organizationís domain. Which of the following choices BEST describes this example?



Options are :

  • C. Group-based privileges
  • D. Location-based policies
  • B. Need to know
  • A. Least privilege (Correct)

Answer : A. Least privilege

An attacker has been analyzing encrypted data that he intercepted. He knows that the end of the data includes a template sent with all similar messages. He uses this knowledge to decrypt the message. Which of the following types of attacks BEST describes this attack?



Options are :

  • B. Known plaintext (Correct)
  • C. Brute force
  • D. Rainbow table
  • A. Known ciphertext

Answer : B. Known plaintext

CompTIA Network+ 6 Certification Practice Exams - 2019 Set 11

After a major data breach, Lisa has been tasked with reviewing security policies related to data loss. Which of the following is MOST closely related to data loss?



Options are :

  • D. Background check policy
  • A. Clean desk policy (Correct)
  • C. Job rotation policy
  • B. Legal hold policy

Answer : A. Clean desk policy

Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?



Options are :

  • C. CAC
  • B. TOTP (Correct)
  • D. Kerberos
  • A. HOTP

Answer : B. TOTP

Social engineers have launched several successful phone-based attacks against your organization resulting in several data leaks. Which of the following would be MOST effective at reducing the success of these attacks?


Options are :

  • D. Implement a program to increase security awareness. (Correct)
  • A. Implement a BYOD policy.
  • C. Provide training on data handling.
  • B. Update the AUP.

Answer : D. Implement a program to increase security awareness.

JK0-017 CompTIA E2C Project+ Certification Practice Exam Set 14

Your organization includes an e-commerce web site used to sell digital products. You are tasked with evaluating all the elements used to support this web site. What are you performing?



Options are :

  • C. Threat assessment
  • D. Supply chain assessment (Correct)
  • B. Qualitative assessment
  • A. Quantitative assessment

Answer : D. Supply chain assessment

You need to modify the network infrastructure to increase availability of web-based applications for Internet clients. Which of the following choices provides the BEST solution?



Options are :

  • B. Proxy server
  • D. Content inspection
  • C. UTM
  • A. Load balancing (Correct)

Answer : A. Load balancing

Your organization recently updated a security policy. It states that duties of network administrators and application developers must be separated. Which of the following is the MOST likely result of implementing this policy?



Options are :

  • D. One group develops databases and the other group modifies databases.
  • B. One group develops program code and the other group modifies the code.
  • A. One group develops program code and the other group deploys the code. (Correct)
  • C. One group deploys program code and the other group administers databases.

Answer : A. One group develops program code and the other group deploys the code.

CompTIA JK0-801 A+ Certification Practical Exam Set 6

An organization needs to improve fault tolerance to increase data availability. However, the organization has a limited budget. Which of the following is the BEST choice to meet the organizationís needs?



Options are :

  • C. Hot and cold aisles
  • A. RAID (Correct)
  • D. UPS
  • B. Backup system

Answer : A. RAID

An organization is preparing to hire additional network administrators. They decide to perform background checks on all

personnel after obtaining written permission. Which of the following items is NOT appropriate to include in a background check?



Options are :

  • D. Medical history (Correct)
  • C. Financial history
  • A. Social media presence
  • B. Criminal background

Answer : D. Medical history

Your organization is planning to implement a wireless network using WPA2 Enterprise. Of the following choices, what is required?



Options are :

  • D. An authentication server with WEP running on the access point
  • B. An authentication server with DHCP installed on the authentication server
  • A. An authentication server with a digital certificate installed on the authentication server (Correct)
  • C. An authentication server with DNS installed on the authentication server

Answer : A. An authentication server with a digital certificate installed on the authentication server

SY0-401 CompTIA Security+ Certification Practice Exam Set 2

A web site is using a certificate. Users have recently been receiving  errors from the web site indicating that the web siteís certificate is revoked. Which of the following includes a list of certificates that have been revoked?



Options are :

  • D. CSR
  • C. OCSP
  • B. CA
  • A. CRL (Correct)

Answer : A. CRL

Bart recently sent out confidential data via email to potential competitors. Management suspects he did so accidentally, but Bart denied sending the data. Management wants to implement a method that would prevent Bart from denying accountability in the future. Which of the following are they trying to enforce?



Options are :

  • D. Non-repudiation (Correct)
  • A. Confidentiality
  • B. Encryption
  • C. Access control

Answer : D. Non-repudiation

A one-way function converts data into a string of characters. It is not possible to convert this string of characters back to the original state. What type of function is this?



Options are :

  • A. Symmetric encryption
  • D. Hashing (Correct)
  • C. Stream cipher
  • B. Asymmetric encryption

Answer : D. Hashing

SY0-401 CompTIA Security+ Certification Practice Exam Set 5

Your organization wants to increase security for VoIP and video teleconferencing applications used within the network. Which of the following protocols will BEST support this goal?



Options are :

  • B. TLS
  • C. SFTP
  • D. SRTP (Correct)
  • A. SMTP

Answer : D. SRTP

Management within your organization wants to create a small network used by executives only. They want to ensure that this network is completely isolated from the main network. Which of the following choices BEST meets this need?



Options are :

  • B. Mantrap
  • A. Airgap (Correct)
  • D. Infrared motion detectors
  • C. Control diversity

Answer : A. Airgap

An attacker has captured a database filled with hashes of randomly generated passwords. Which of the following attacks is MOST likely to crack the largest number of passwords in this database?



Options are :

  • A. Dictionary attack
  • B. Birthday attack
  • D. Rainbow tables (Correct)
  • C. Brute force attack

Answer : D. Rainbow tables

SY0-401 CompTIA Security+ Certification Practice Exam Set 4

Dr. Terwilliger installed code designed to run if he ever lost his job as a sidekick on a television show. The code will create a new account with credentials that only he knows three days after his original account is deleted. Which type of account does this code create?



Options are :

  • D. Ransomware
  • B. Logic bomb
  • A. Backdoor (Correct)
  • C. Rootkit

Answer : A. Backdoor

An application developer needs to use an encryption protocol to encrypt credit card data within a database used by the application. Which of the following would be the FASTEST, while also providing strong confidentiality?



Options are :

  • D. SHA-2
  • C. Blowfish (Correct)
  • B. DES
  • A. AES-256

Answer : C. Blowfish

An attacker is attempting to write more data into a web applicationís memory than it can handle. Which type of attack is this?



Options are :

  • C. Pass the hash
  • B. DLL injection
  • D. Buffer overflow (Correct)
  • A. XSRF

Answer : D. Buffer overflow

SK0-004 CompTIA Server+ Certification Practice Exam Set 3

You need to identify a method that can be used for data integrity. Which of the following choices will meet your needs?



Options are :

  • D. SHA (Correct)
  • A. AES
  • B. DES
  • C. RC4

Answer : D. SHA

An administrator recently learned of a suspected attack on a Floridabased web server from IP address 72.52.206.134 at 01:45:43 GMT. However, after investigating the logs, he doesnít see any traffic from that IP at that time. Which of the following is the MOST likely reason why the administrator was unable to identify the traffic?



Options are :

  • C. The IP address has expired.
  • B. He did not capture an image.
  • D. The logs were erased when the system was rebooted.
  • A. He did not account for time offsets. (Correct)

Answer : A. He did not account for time offsets.

An organization has a critical SCADA network it is using to manage a water treatment plant for a large city. Availability of this system is important. Which of the following security controls would be MOST relevant to protect this system?



Options are :

  • C. EMP
  • B. TPM
  • D. NIPS (Correct)
  • A. DLP

Answer : D. NIPS

SY0-401 CompTIA Security+ Certification Practice Exam Set 4

A forensic expert is preparing to analyze a hard drive. Which of the following should the expert do FIRST?



Options are :

  • A. Capture an image. (Correct)
  • C. Create a chain of custody document.
  • B. Identify the order of volatility.
  • D. Take a screenshot.

Answer : A. Capture an image.

Users in your organization sign their emails with digital signatures. Which of the following provides integrity for these digital signatures?



Options are :

  • A. Hashing (Correct)
  • B. Encryption
  • C. Non-repudiation
  • D. Private key

Answer : A. Hashing

A penetration tester is running several tests on a server within your organizationís DMZ. The tester wants to identify the operating system of the remote host. Which of the following tools or methods are MOST likely to provide this information?



Options are :

  • B. Vulnerability scan
  • C. Password cracker
  • D. Protocol analyzer
  • A. Banner grabbing (Correct)

Answer : A. Banner grabbing

SK0-004 CompTIA Server+ Certification Practice Exam Set 6

After a recent attack causing a data breach, an executive is analyzing the financial losses. She determined that the attack is likely to cost at least $1 million. She wants to ensure that this information is documented for future planning purposes. In which of the following is she MOST likely to document it?



Options are :

  • A. DRP
  • C. HVAC
  • D. RTO
  • B. BIA (Correct)

Answer : B. BIA

You need to perform tests on your network to identify missing security controls. However, you want to have the least impact on systems that users are accessing. Which of the following tools is the BEST to meet this need?



Options are :

  • C. Ping scan
  • B. Vulnerability scan (Correct)
  • A. A syn stealth scan
  • D. Penetration test

Answer : B. Vulnerability scan

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions