CompTIA Security+ Certification (SY0-501): Practice Tests

All of the following are supporting elements of authorization, except:

Options are :

  • Credential validation (Correct)
  • Principle of least privilege
  • Separation of duties
  • Rights, permissions, and privileges

Answer : Credential validation

Explanation Validating credentials is an important aspect of authentication, not authorization. All of the other elements directly support authorization.

Which of the following forms of authentication pass credentials in clear text and is not recommended for use?

Options are :

  • PAP (Correct)
  • CHAP
  • MS-CHAP
  • EAP

Answer : PAP

Explanation The Password Authentication Protocol (PAP) is an older authentication method that passes usernames and passwords in clear text. For this reason, it is no longer used. CHAP, the Challenge Handshake Authentication Protocol, uses password hashes and challenge methods to authenticate to the system. Passwords are not passed in clear text with this protocol. MS-CHAP (Microsoft CHAP) is a Microsoft proprietary version of CHAP, native to Windows systems. The Extensible Authentication Protocol (EAP) is a modern authentication framework that can use various authentication methods. It also does not pass username and password information in clear text.

Your organization wants you to create and implement a policy that will detail proper use of its information systems during work hours. Which of the following is the best choice?

Options are :

  • Acceptable-use policy (Correct)
  • Due care
  • Service level agreement
  • Access control policies

Answer : Acceptable-use policy

Explanation An acceptable-use policy details what is (and is not) acceptable for users to do during their working hours, including personal use and unacceptable activities on the company network, such as gambling and pornography. Due care is an act performed by the company itself, and is not a user policy. Service level agreements are made between a company and a third party, such as a contractor or a supplier. Access control policies help protect against unauthorized access, both physical and logical, but they don't discuss how users can and cannot use systems.

If a person knows a control exists, and this control keeps him or her from performing a malicious act, what type of control would this be classified as?

Options are :

  • Preventative control
  • Corrective control
  • Deterrent control (Correct)
  • Compensating control

Answer : Deterrent control

Explanation A deterrent control keeps someone from performing a malicious act, provided that he or she knows the control is there and is aware of the consequences for violating it. The difference between a deterrent control and a preventive control is that it is necessary for a potential attacker to have knowledge of the deterrent control for it to be effective. Users do not have to have knowledge of a preventative control for it to function. A corrective control is used to correct a condition when there is either no control at all, or when the existing control is ineffective. Normally, a corrective control is temporary until a more permanent solution is put into place. A compensating control assists and mitigates the risk when an existing control is unable to do so.

When information is converted to an unreadable state using cryptography, in what form is the information?

Options are :

  • Plaintext
  • Ciphertext (Correct)
  • Hash
  • Message digest

Answer : Ciphertext

Explanation Ciphertext is a result of the encryption process; it is encrypted text. Plaintext is unencrypted text. A hash or message digest is a cryptographic representation of variable length text, but it is not the text itself.

What type of file, often sent with an e-mail message, can contain malicious code that can be downloaded and executed on a client's computer?

Options are :

  • Cookie
  • Locally shared object
  • HTML attachment (Correct)
  • Cross-site script

Answer : HTML attachment

Explanation Any form of attachment is a risk. An HTML attachment is basically an HTML file that comes attached to an e-mail message. When a user clicks this attachment, it automatically spawns a browser session and could connect to a malicious Web site. Once the user is connected to the site, malicious code can be downloaded onto the user's browser. Neither cookies, locally shared objects, nor cross-site scripts are attached to e-mail messages.

Marisol sees a tremendous amount of traffic on TCP port 389 from the Internet. Which TCP/IP service should she inspect first?

Options are :

  • SQL
  • LDAP (Correct)
  • HTTPS
  • TLS

Answer : LDAP

Explanation The Lightweight Directory Application Protocol (LDAP) uses TCP port 389. SQL is a query language for directories. HTTPS is the secure HTTP protocol for Web pages. TLS is an authentication/encryption protocol.

Which of the following is a form of intentional interference with a wireless network?

Options are :

  • Evil twin
  • SSID cloaking
  • MAC spoofing
  • Jamming (Correct)

Answer : Jamming

Explanation Jamming is an intentional interference with the signal of a wireless network. It is often part of a DoS attack. An evil twin attack is a rogue wireless access point set up to be nearly identical to a legitimate access point. SSID cloaking is a weak security measure designed to hide the broadcasting of a wireless network's service set identifier. MAC spoofing is an attempt to impersonate another host by using its MAC address.

Which of the following is a variant of a phishing attack, where a phishing e-mail is sent to a high-value target instead of on a mass scale to all employees?

Options are :

  • Whaling (Correct)
  • Spear phishing
  • Vishing
  • Pharming

Answer : Whaling

Explanation Whaling is a social engineering attack that targets people in high-value positions, such as senior executives. It is a form of a phishing attack. Spear phishing involves targeting a particular type of user, regardless of rank in the organization, and basing the attack on more detailed, in-depth information in order to convince the target that the phishing e-mail is actually valid. Vishing is a form of phishing attack that takes place over Voice-over-IP (VoIP) telephone systems. Pharming is a form of DNS attack.

Which of the following secure file copy protocols is used over an SSL or TLS connection?

Options are :

  • FTPS (Correct)
  • FTP
  • SCP
  • SFTP

Answer : FTPS

Explanation FTPS is a secure version of the non-secure FTP protocol and is used over SSL or TLS connections to ensure security when transferring files to or from an Internet-based host. FTP is a non-secure protocol used to copy files to and from Internet-based hosts. SCP is a secure copy protocol used to copy files securely to and from a networked host, and it uses SSH. SFTP is a secure file transfer protocol used to copy files to and from an Internet-based host, and it also uses SSH.

Which of the following statements best describes a buffer overflow attack?

Options are :

  • An attack that exceeds the memory allocated to an application for a particular function, causing it to crash. (Correct)
  • An attack that uses unexpected numerical results from a mathematical operation to overflow a buffer.
  • An attack on a database through vulnerabilities in the Web application, usually in user input fields.
  • An attack that involves sending malicious XML content to a Web application, taking advantage of any lack of input validation and XML parsing.

Answer : An attack that exceeds the memory allocated to an application for a particular function, causing it to crash.

Explanation A buffer overflow attack is an attack that exceeds the memory allocated to an application for a particular function, causing it to crash. While similar to a buffer overflow attack, answer B describes an integer overflow attack, which uses unexpected numerical results from a mathematical operation to overflow a buffer. An SQL injection attack is an attack on a database through vulnerabilities in the Web application, usually in user input fields. An XML injection attack involves sending malicious XML content to a Web application, taking advantage of any lack of input validation and XML parsing.

Which of the following is a key agreement protocol used in public key cryptography?

Options are :

  • ECDH (Correct)
  • RSA
  • AES
  • SHA-2

Answer : ECDH

Explanation Elliptic Curve Diffie-Hellman (ECDH) is a key exchange protocol used in public key cryptography. It is used to negotiate, agree upon, and establish a secure session between two parties. RSA (Rivest-Shamir-Adleman) is the most common public-private key generation algorithm used in public key cryptography. It is used to generate a public and private key pair. AES is the Advanced Encryption Standard, and it is not used in public key cryptography; it is a symmetric key cryptography algorithm. SHA-2 is the second iteration of the Secure Hashing Algorithm and is used to generate message digests for plaintext. It is not used in public key cryptography to exchange keys or establish secure sessions.

Which of the following types of public key cryptography uses a web of trust model?

Options are :

  • RSA
  • PGP (Correct)
  • DHE
  • AES

Answer : PGP

Explanation Pretty Good Privacy, or PGP, is commonly used between individuals or small groups of people, and it normally does not require a public key infrastructure. It uses a web of trust model, which means that each individual has to be able to trust every other individual who uses PGP to encrypt and decrypt data sent and received by them. RSA is the de facto key generation protocol used in public key cryptography, and it is normally used in a public key infrastructure type of environment. Diffie-Hellman Exchange (DHE) is a key negotiation and agreement protocol that is used to exchange keys and establish a secure communications session. AES is a symmetric key protocol not used in public key cryptography.

Which of the following authentication protocols uses a series of tickets to authenticate users to resources, as well as timestamps to prevent replay attacks?

Options are :

  • Kerberos (Correct)
  • MS-CHAP
  • EAP
  • SESAME

Answer : Kerberos

Explanation Kerberos is an authentication protocol used in Windows Active Directory. It uses a series of tickets and timestamps to authenticate individuals and prevent replay attacks. MS-CHAP is a Microsoft version of the Challenge Handshake Authentication Protocol, used in earlier versions of Windows. It uses challenges and password hashes to authenticate individuals. EAP, the Extensible Authentication Protocol, is an authentication framework that can use several other protocols for secure access across both wired and wireless networks. SESAME (Secure European System for Applications in a Multivendor Environment) is a European-developed authentication protocol that can provide for single sign-on capability. It is not widely used and does not use tickets for authentication.

All of the following are considered duties of a first responder to an incident, except:

Options are :

  • Secure the scene
  • Notifying and coordinating with senior management and law enforcement officials (Correct)
  • Determining the initial scope and impact of the incident
  • Notifying the incident response team

Answer : Notifying and coordinating with senior management and law enforcement officials

Explanation Notifying and coordinating with senior management and law enforcement officials is normally the job of a senior leader within the incident response team. The primary job of a first responder is to secure the scene. They are also responsible for notifying the incident response team and initially determining the scope, seriousness, and impact of the incident.

What size WEP key did the original IEEE 802.11b specification use?

Options are :

  • 512-bit
  • 256-bit
  • 128-bit
  • 64-bit (Correct)

Answer : 64-bit

Explanation WEP key sizes are 64-bit (40-bit key and 24-bit initialization vector) or 128-bit (104-bit key and 24-bit initialization vector). The 802.11b standard called for a 64-bit key. Neither 512-bit nor 256-bit is a valid WEP key size. The original 802.11b standard called for a 64-bit key; the 128-bit key was developed after this standard was issued.

Which of the following encryption protocols uses RC4 with small initialization vector sizes?

Options are :

  • WPA2
  • WEP (Correct)
  • WPA
  • 802.1X

Answer : WEP

Explanation WEP is a legacy wireless encryption protocol that has been determined to be very weak and easily broken. It uses the RC4 streaming protocol and weak initialization vectors (24-bit) to encrypt data on wireless networks. WPA2 is an advanced encryption protocol that uses AES. WPA was an interim protocol used to correct some of WEP's weaknesses. It uses the TKIP protocol. 802.1X is a port-based authentication method, not a wireless encryption protocol.

Which of the following details the specific access levels that individuals or entities may have when interacting with objects?

Options are :

  • Access approval list
  • Access control list (Correct)
  • Metadata table
  • Rule-based access control

Answer : Access control list

Explanation An access control list (ACL) is a physical or logical list that details specific access levels individuals or entities may have when interacting with objects. An ACL is also used on network devices to determine how traffic from various users can enter and exit a network device and access internal hosts. Access approval lists and metadata tables are distractors and are not valid terms. Rule-based access control is an access control model based upon various access control rules that apply to users, objects, and actions.

What type of organizations are the main users of an interconnection service agreement (ISA)?

Options are :

  • Telecommunication companies
  • End users
  • Government entities (Correct)
  • Satellite providers

Answer : Government entities

Explanation Government entities use ISAs as a more formal document than an MOU because contracts are not the primary method of agreements between entities of the same government. Telecoms use Interconnection Agreements, which are not ISAs.

What size is the initialization vector (IV) for the Temporal Key Integrity Protocol (TKIP), used in the WPA standard?

Options are :

  • 24-bit
  • 48-bit (Correct)
  • 64-bit
  • 128-bit

Answer : 48-bit

Explanation The IV size for TKIP is 48-bit. The only valid IV size for TKIP is 48-bit.

Which of the following is the biggest risk involved in cloud computing?

Options are :

  • Lack of control (Correct)
  • Lack of accountability
  • Lack of responsibility
  • Lack of availability

Answer : Lack of control

Explanation Lack of control over data and the infrastructure is probably the greatest risk to cloud computing. Accountability and responsibility can be established through effective security controls and well-written service-level agreements. Cloud computing usually increases availability of data for users, since it is typically built on highly available, redundant infrastructures.

A virtual LAN (VLAN) offers which of the following advantages for network security? (Choose two.)

Options are :

  • Allows logical segmentation of hosts. (Correct)
  • Creates broadcast domains.
  • Allows different security policies to be applied to different hosts. (Correct)
  • Allows physical segmentation of hosts by IP subnet.

Answer : Allows logical segmentation of hosts. Allows different security policies to be applied to different hosts.

Explanation VLANs offer the security advantage of logically segmenting hosts, and they allow different segments to receive different security policies. VLANs help eliminate broadcast domains, not create them. VLANs use logical segmentation, not physical segmentation.

Which of the following is the process of marking a photo or other type of media with geographical location information using the GPS of a mobile device?

Options are :

  • Remote management
  • Geolocation
  • Geofencing
  • Geotagging (Correct)

Answer : Geotagging

Explanation Geotagging is the practice of marking media files, such as pictures and video, with relevant information such as geographic location (using the GPS features of the mobile device) and time. This information can be used by security professionals to track where and how a mobile device has been used. Remote management is the overall process of remotely managing and monitoring mobile devices that are used to connect to the corporate infrastructure. Geolocation is the use of a device's GPS features to determine device location, to locate points of interest, and to gather other useful information. Although it can be used to geotag media, it is not the same as geotagging. Geofencing is the use of geolocation features to ensure that a mobile device does not leave specific areas of corporate property.

All of the following are characteristics of hashing, except:

Options are :

  • Hashes are cryptographic representations of plaintext.
  • Hashes produce fixed-length digests for variable-length text.
  • Hashing can be used to protect data integrity.
  • Hashes are decrypted using the same algorithm and key that encrypted them. (Correct)

Answer : Hashes are decrypted using the same algorithm and key that encrypted them.

Explanation Hashes are produced from one-way mathematical functions and cannot be decrypted. All of the other options are characteristics of hashing.

All of the following are methods that can be used to detect unauthorized (rogue) hosts connected to the network, except:

Options are :

  • DHCP logs
  • MAC filtering logs (Correct)
  • NAC device logs
  • Switch logs

Answer : MAC filtering logs

Explanation MAC addresses can be spoofed, so examining MAC addresses in filtering logs may not provide any indication of whether a host is authorized or not. All of the other options are valid methods of detecting rogue hosts that connect to the network.

Which of the following is the simplest form of disaster recovery exercise?

Options are :

  • Tabletop exercise
  • Documentation review (Correct)
  • Full-scale test
  • Walkthrough test

Answer : Documentation review

Explanation The documentation review is the simplest form of test. In this type of test, the business continuity plan, disaster recovery plan, and associated documents are reviewed by relevant personnel including managers, recovery team members, and anyone else who may have responsibilities directly affecting plans. A tabletop exercise is a type of group review. In a full-scale test, all personnel are usually involved and may actually conduct activities as they would during a real incident. This type of test is more complex and normally requires extensive resources, such as people and equipment, so it is typically conducted infrequently. In a walkthrough test, team members go through the motions of fulfilling the responsibilities and conducting the activities required during an incident or disaster.

You have a server that is used for Domain Name System (DNS) queries. You find that it has several open ports, and you intend to close all of the unnecessary ports on the server. The server is listening on ports 22, 25, 53, and 80. Which port must be left open to continue to use DNS functionality?

Options are :

  • 22
  • 25
  • 53 (Correct)
  • 80

Answer : 53

Explanation DNS uses TCP and UDP port 53, so this port should be left open. All other unnecessary ports should be closed. Port 22 is used by SSH. Port 25 is used by SMTP. Port 80 is used by HTTP.

Which of the following is not a characteristic of effective signage?

Options are :

  • Signage should follow national and international standards for symbols and colors.
  • Signage should be placed in well-lit areas and not obstructed by large objects.
  • Signage should warn intruders away from restricted areas.
  • Signage should indicate security checkpoints to report to in the event of an emergency requiring evacuation. (Correct)

Answer : Signage should indicate security checkpoints to report to in the event of an emergency requiring evacuation.

Explanation Signage should indicate the location and route to emergency evacuation exits, not security checkpoints, in the event of an emergency requiring evacuation. All of the other options are valid characteristics of good signage.

Which of the following is an example of a trusted OS?

Options are :

  • Windows 10
  • Ubuntu Linux
  • Windows Server
  • SELinux (Correct)

Answer : SELinux

Explanation SELinux is the only example, from the answers given, of a trusted operating system. The other operating systems listed are not considered trusted operating systems, although they can be hardened to varying degrees.

Which of the following concepts should be the most important consideration when determining how to budget properly for security controls?

Options are :

  • Asset identification
  • Threat of natural disasters
  • Risk likelihood and impact (Correct)
  • Qualitative costs

Answer : Risk likelihood and impact

Explanation The risk likelihood and impact should directly determine how much you budget for controls to prevent the occurrence of risk. Asset identification does not require analysis of cost. Risk likelihood and impact are more accurate than threat of natural disaster and qualitative costs in determining how much a solution will actually cost.

Which of the following are two characteristics of strong passwords? (Choose two.)

Options are :

  • Authentication methods
  • Password length (Correct)
  • Use of additional character space (Correct)
  • Encryption strength

Answer : Password length Use of additional character space

Explanation Password length and the use of additional character space are two important characteristics of password strength and complexity. Neither authentication methods nor encryption strength directly affects password strength.

Which of the following is normally required to convert and read coded messages?

Options are :

  • Symmetric key
  • Codebook (Correct)
  • Algorithm
  • Asymmetric key

Answer : Codebook

Explanation Codes are representations of an entire phrase or sentence, where ciphers are encrypted on a character-by-character basis. A codebook is needed to translate coded phrases into their true plaintext meanings. A symmetric key is used to encrypt ciphers, not codes, as are algorithms and asymmetric keys.

The corporate IT manager wants you to implement a process that separates corporate apps from personal apps on mobile devices. Which of the following techniques will enable you to do this?

Options are :

  • Whitelisting
  • Containerization
  • Sandboxing (Correct)
  • Blacklisting

Answer : Sandboxing

Explanation Sandboxing separates applications from one another and does not allow them to share execution, user, or data space. Whitelisting enables an administrator to determine which applications and other software the user is allowed to install and execute. Containerization is a technique used to separate different sensitivities of data, such as corporate and personal data on a mobile device. Blacklisting is a method that enables administrators to restrict users from installing and executing certain applications.

Which of the following is an older form of attack where a malicious/compromised Web site places invisible controls on a page, giving users the impression they are clicking some safe item that actually is an active control for something malicious?

Options are :

  • Header manipulation
  • Man-in-the-browser
  • Clickjacking (Correct)
  • Buffer overflow

Answer : Clickjacking

Explanation Clickjacking is almost never seen anymore as it's easy to detect this type of attack. Header manipulation means to add malicious information to HTTP headers. A man-in-the-browser attack means to add malicious information or code, often by using a Trojan horse. Buffer overflows attempt to access privilege escalation by forcing a buffer to cause an error.

Which of the following formal management efforts is designed to remediate security flaws discovered in applications and operating systems?

Options are :

  • Upgrade management
  • Account management
  • Patch management (Correct)
  • Change management

Answer : Patch management

Explanation Patch management is the formal effort designed to remediate vulnerabilities and other software flaws on a regular basis. Managing upgrades is part of a formal change and configuration management process. Account management is the process of provisioning and maintaining user accounts on the system. Change management is a formalized process that involves both long-term and short-term infrastructure changes, as well as configuration changes to hosts and networks.

For which of the following should employees receive training to establish how they are to treat information of differing sensitivity levels?

Options are :

  • Clean desk policies
  • Protection of personally identifiable information on social media
  • Information classification (Correct)
  • Data disposal

Answer : Information classification

Explanation An organization's information classification policy not only outlines what level of security protections certain data receives, but it also serves to instruct employees on how to treat sensitive data. Clean desk policies, which instruct employees to not leave sensitive data unattended, as well as data disposal policies, can be included in the information and data handling policies, but these are very specific instances and don't cover all information or all scenarios where an employee would be in a position to treat data with care. Protection of personally identifiable information on social media would be part of an organization's social media policy.

Which of the following two ways typically separate network hosts for security purposes? (Choose two.)

Options are :

  • Geographically
  • Physically (Correct)
  • Logically (Correct)
  • Functionally

Answer : Physically Logically

Explanation Networks are typically separated for security purposes either physically, logically, or both. Physical separation involves separating network hosts by connecting them to different devices. Logical separation involves separating them through segmented IP subnetworks. Separating network hosts either geographically or functionally does not contribute to security.

Which of the following is a point-in-time backup of certain key configuration settings of a virtual machine, allowing the VM to be restored back to that point in time if it suffers a crash or other issue?

Options are :

  • Snapshot (Correct)
  • Differential backup
  • Incremental backup
  • System state backup

Answer : Snapshot

Explanation A snapshot is a quick backup of critical configuration files, used by the hypervisor to restore the virtual machine back to its point-in-time status should it become unstable or suffer any other issues. Differential and incremental backups apply to entire systems and are used to back up only files that have changed since the last full backup. The system state backup is a Microsoft Windows type of backup that backs up critical files used by the operating system to restore it in the event of a system crash or other issue. Virtual machines can make use of all of these other types of backups, but they are not used by the hypervisor to restore the VM itself.

Which of the following attacks might involve an attacker attempting to enter a facility with arms full of boxes, in an attempt to gain sympathy and have someone open the door for him or her?

Options are :

  • Shoulder surfing
  • Tailgating (Correct)
  • Dumpster diving
  • Impersonation

Answer : Tailgating

Explanation A tailgating person might use some sort of creative pretext to convince someone to open the door and allow him or her to enter without proper identification. Neither shoulder surfing nor dumpster diving are attempts to enter a facility. Impersonation could be used to enter a facility, but it is not being used to do so in this case.

Which of the following statements best defines the recovery point objective (RPO)?

Options are :

  • The RPO is the minimum amount of data the organization is expected to lose during a disaster or an incident.
  • The RPO is the maximum amount of time the organization can afford to be down from normal processing.
  • The RPO is the maximum allowable amount of data (measured in gigabytes) that the organization can afford to lose during a disaster or an incident.
  • The RPO is the maximum allowable amount of data (measured in terms of time) that the organization can afford to lose during a disaster or an incident. (Correct)
  • Virus

Answer : The RPO is the maximum allowable amount of data (measured in terms of time) that the organization can afford to lose during a disaster or an incident.

Explanation The RPO is the maximum allowable amount of data (measured in terms of time) that the organization can afford to lose during a disaster or an incident. The RPO is the maximum amount of data, not the minimum, that can be lost during a disaster or an incident. RPO refers to data that can be lost, not time itself. RPO is measured in time, not gigabytes.

If Bobby and Dawn exchange confidential encrypted e-mail messages using public and private key pairs, which of the following keys would Bobby need to encrypt confidential data in an e-mail message sent to Dawn?

Options are :

  • Bobby's public key
  • Dawn's private key
  • Bobby's private key
  • Dawn's public key (Correct)

Answer : Dawn's public key

Explanation To encrypt information that Dawn can decrypt, using public and private key pairs, Bobby would need Dawn's public key to encrypt data that only her private key can decrypt. Encrypting with Bobby's public key would allow only Bobby's private key to decrypt the data, and only he would possess that. Bobby would not possess Dawn's private key to encrypt data to her, and then only her public key, which everyone would have, would be able to decrypt it, so there would be no confidentiality involved. Bobby would not use his private key to encrypt data, because only his public key can decrypt it, and everyone could have that key, so no confidentiality would be assured.

Which type of cloud service is usually operated by a third-party provider that sells or rents "pieces" of the cloud to different entities, such as small businesses or large corporations, to use as they need?

Options are :

  • External
  • Private
  • Community
  • Public (Correct)

Answer : Public

Explanation A public cloud is operated by a third-party provider who leases space in the cloud to anyone who needs it. An external cloud is not a valid type of cloud and could be a public, private, or community cloud. A private cloud is for use only by one organization and is usually hosted by that organization's infrastructure. A community cloud is for use by similar organizations or communities, such as universities or hospitals, that need to share common data.

Which of the following are typically created for a single Web browsing session and are generally not carried across different sessions?

Options are :

  • Persistent cookies
  • Session cookies (Correct)
  • Locally shared objects
  • Flash cookies

Answer : Session cookies

Explanation Session cookies are used for a single Web browsing session only and are generally not carried across Web sessions. Persistent cookies are saved and used between various Web sessions. Locally shared objects, also called flash cookies, are used for Web sites that use Adobe Flash content, and they can be persistent.