CompTIA Security+ SY0-501 Exam Preparation (Latest Version) Set 1

You are in the onboarding process with a new employer. Your new manager has asked you to review and sign a document that outlines how you can use their IT systems and what types of uses are not permitted.

What type of policy document is this?

Options are :

  • B) Email and access policy
  • D) Adverse actions policy
  • A) Social media policy
  • C) Acceptable use policy

Answer :C) Acceptable use policy

CAS-001 CompTIA Advanced Security Practitioner Practice Exam Set 9

Which of the following answers lists an example of spyware?

Options are :

  • c) Computer worm
  • b) Vulnerability scanner
  • d) Packet sniffer
  • a) Key logger

Answer :a) Key logger

Malicious code activated by a specific event is called:

Options are :

  • b) Logic bomb
  • a) Backdoor
  • c) Dropper
  • d) Retrovirus

Answer :b) Logic bomb

You are a member of the security team in the IT Infrastructure department at a manufacturer. You have received a ticket from the network architecture team who have requested your approval of a proposed network change. The change is to replace a network device that allows internal servers to make requests to the internet without external systems being able to determine what internal server made the original request.

What type of system is being changed?

Options are :

  • D) Proxy
  • B) Switch
  • A) Firewall
  • C) Router

Answer :D) Proxy

CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam Set 2

Your bank has contacted you and informed you they recognized an unusual login with your username and password on their website. As a precaution they have locked your account and stated the login came from a foreign country. You run a security scan on your PC which finds malware. The description of the malware states that it intercepts normal web traffic from your browser executable.

What type of attack best describes this?

Options are :

  • D) Man-in-the-browser
  • B) Amplification
  • A) Consensus attack
  • C) Domain hijacking

Answer :D) Man-in-the-browser

What is adware?

Options are :

  • d) Malicious software that collects information about users without their knowledge
  • a) Unsolicited or undesired electronic messages
  • c) Software that displays advertisements
  • b) Malicious program that sends copies of itself to other computers on the network

Answer :c) Software that displays advertisements

What type of DoS attack sends a large number of new TCP requests to a server in order to overwhelm it with unused open sessions?

Options are :

  • D) SYN Flood
  • A) DDoS
  • B) Session hijacking
  • C) Spanning tree

Answer :D) SYN Flood

CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam Set 7

While conducting web research to help make a better purchasing decision, a user visits a series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware. Which social engineering principle applies to this attack scenario?

Options are :

  • d) Intimidation
  • a) Scarcity
  • c) Consensus
  • b) Authority
  • e) Urgency

Answer :c) Consensus

A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as:

Options are :

  • b) Spyware
  • c) Backdoor
  • a) Rootkit
  • d) Trojan

Answer :a) Rootkit

An unauthorized practice of obtaining confidential information by manipulating people into disclosing sensitive data is referred to as:

Options are :

  • d) Penetration testing
  • a) Shoulder surfing
  • b) Privilege escalation
  • c) Social engineering

Answer :c) Social engineering

CompTIA A+ (220-1002) Test Prep, Exams and Simulations Set 4

Which regulation in the United States would apply to a healthcare organization and require that they protect the confidentiality of patient data?

Options are :

  • B) GDPR
  • A) HIPAA
  • C) EU Privacy Shield
  • D) HDPA

Answer :A) HIPAA

Which one of the following best provides an example of detective controls versus prevention controls?

Options are :

  • c) IPS/camera versus IDS/guard
  • a) IDS/camera versus IPS/guard
  • b) IDS/IPS versus camera/guard
  • d) IPS versus guard

Answer :a) IDS/camera versus IPS/guard

You are responsible for application security for a small startup, including conducting regular penetration tests. Recently the startup has faced some budget issues and lacks the funds to create a stand-alone system to be used for vulnerability scanning of applications. Due to this constraint you must conduct vulnerability scans on the live system (the same one being used by customers).

What type of scan should be used to ensure vulnerabilities are found but not executed?

Options are :

  • B) Non-credentialed
  • D) Credentialed
  • A) Intrusive
  • C) Non-intrusive

Answer :C) Non-intrusive

FC0-U51 CompTIA IT Fundamentals Certification Exam Set 1

Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as:

Options are :

  • d) Spyware
  • a) Adware
  • c) Ransomware
  • b) Malware

Answer :b) Malware

A replay attack occurs when an attacker intercepts user data and tries to use this information later to impersonate the user to obtain unauthorized access to resources on a network.

Options are :

  • True
  • False

Answer :True

You are observing an outage of your employer's website. While investigating the cause of the outage you learn that there is a large-scale DDoS attack that has caused network outages for large percentages of the internet. The attack is targeting key infrastructure of major web service providers. According to news sources the attackers are sending huge numbers of requests to open DNS servers with spoofed IP addresses. The responses from the DNS servers are sent to the spoofed IP addresses, which has resulted in network outages due to overwhelmed infrastructure.

What type of attack is being conducted?

Options are :

  • D) DNS jamming
  • B) DNS poisoning
  • C) Domain hijacking
  • A) DNS amplification

Answer :A) DNS amplification

CompTIA CySA+ (CS0-001) 5 Practice Certification Exams Set 2

You are a network engineer for a mid-sized consulting company. Your employer is currently in the role of a systems integrator for a transformation project at a retail company. You have been tasked with configuring a new network switch. Upon accessing the switch via SSH you receive a message stating that only authorized users from ACME Enterprise and authorized third-party partners are permitted. You are not required to acknowledge or accept this warning in any way.

What type of control best classifies this type of message?

Options are :

  • D) Administrative
  • A) Preventative
  • C) Detective
  • B) Deterrent

Answer :B) Deterrent

Phishing scams targeting a specific group of people are referred to as:

Options are :

  • c) Spoofing
  • b) Spear phishing
  • d) Whaling
  • a) Vishing

Answer :b) Spear phishing

When configuring a wireless access point what configuration change will hide the name of the wireless network and require users who want to connect to the network to know the wireless name?

Options are :

  • A) Disable SSID
  • D) Disable passive network name authentication
  • B) Enable WPA2's anonymous mode
  • C) Enable DLP on the access point

Answer :A) Disable SSID

CompTIA JK0-015 E2C Security+ Certification Practice Test Set 2

An attempt to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and, as a result, doesn't have the time or resources to handle legitimate requests is called:

Options are :

  • b) MITM attack
  • c) Session hijacking
  • d) DoS attack
  • a) Bluesnarfing

Answer :d) DoS attack

Cross-site request forgery (CSRF/XSRF) is a security exploit that allows for infecting a website with malicious code. The malicious code, often in the form of JavaScript, can then be sent to the unsuspecting user and executed via the user's web browser application.

Options are :

  • False
  • True

Answer :False

A type of software that performs unwanted and harmful actions while disguised as a legitimate and useful program is known as a Trojan horse. This type of malware may act like a legitimate program and have all the expected functionality, but apart from that it will also contain a portion of malicious code that the user is unaware of.

Options are :

  • True
  • False

Answer :True

CompTIA PD1-001 PDI+ Beta Certification Practice Exam Set 1

Entry fields of web forms lacking input validation are vulnerable to what kind of attacks?

Options are :

  • c) Brute-force attacks
  • d) Dictionary attacks
  • b) SQL injection attacks
  • a) Replay attacks

Answer :b) SQL injection attacks

Which social engineering attack relies on identity theft?

Options are :

  • b) Dumpster diving
  • a) Impersonation
  • c) Watering hole attack
  • d) Shoulder surfing

Answer :a) Impersonation

Malicious software collecting information about users without their knowledge/consent is known as:

Options are :

  • a) Crypto-malware
  • d) Spyware
  • b) Adware
  • c) Ransomware

Answer :d) Spyware

CA1-001 CompTIA Advanced Security Practitioner Practice Exam Set 5

In a session hijacking attack, a hacker takes advantage of the session ID stored in:

Options are :

  • c) Cookie
  • b) Digital signature
  • a) Key escrow
  • d) Firmware

Answer :c) Cookie

A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called:

Options are :

  • a) Spyware
  • c) Trojan
  • d) Spam
  • b) Worm

Answer :b) Worm

You are working as a security consultant for a small company. The owner of the company states they were recently targeted by hackers who gained access to their email account. Since then the attackers have taken control of the company's website and have stated they will only return control to the company after receiving a payment. The hosting provider has stated the web servers are not infected and no unusual logins have occurred. Despite this, users are reporting they cannot access the company's website.

Based on this information, what type of attack has occurred to the website?

Options are :

  • D) DNS hijacking
  • B) Session hijacking
  • A) MitM
  • C) Cross-site scripting

Answer :D) DNS hijacking

220-802 CompTIA A+ Certification Practice Exam Set 3

You are the resident IT within your family. While relaxing and enjoying a family Thanksgiving dinner your sweet old Grandmother mentions that Microsoft called her cell phone and helped her with a virus on her computer. You explain to her that Microsoft does not call people directly to help with computer issues and that she was likely targeted by a malicious attacker. You scan her computer for viruses and find several.

Your poor sweet old Grandmother was a victim of what type of attack?

Options are :

  • B) Vishing
  • A) Spear phishing
  • D) Phonejacking
  • C) Tailgating

Answer :B) Vishing

Which of the following reduces the effectiveness of a good password policy?

Options are :

  • a) Account lockout
  • c) Account disablement
  • d) Password reuse
  • b) Password recovery

Answer :d) Password reuse

Which of the answers listed below refers to a common target of cross-site scripting (XSS)?

Options are :

  • d) Removable storage
  • c) Dynamic web pages
  • b) Alternate sites
  • a) Physical security

Answer :c) Dynamic web pages

CompTIA Network+ (N10-007) 6 Practice Exams and Simulations Set 7

A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is known as:

Options are :

  • b) SQL injection
  • a) IV attack
  • c) Buffer overflow
  • d) Fuzz test

Answer :c) Buffer overflow

You have been called to the office of the CEO for a confidential meeting. In the meeting the CEO informs you he 'has a virus that won't let him login without paying a fee.' You begin to investigate the issue and find that the CEO downloaded a file from a website a friend shared on a social media site. After downloading the file his computer restarted and now will not allow anyone to login unless they enter credit card information.

Which option best describes the attack used in this scenario based on the information available?

Options are :

  • C) The CEO was the target of a spear phishing social engineering attack
  • A) The CEO downloaded and executed Ransomware
  • B) The CEO executed a Rootkit which gave backdoor access to a hacker
  • D) A botnet is attacking the CEO's computer and disabling login attempts

Answer :A) The CEO downloaded and executed Ransomware

An organization is implementing a server-side application using OAuth 2.0. Which of the following grant types should be used?

Options are :

  • b) Authorization code
  • d) Client credentials
  • c) Password credentials
  • a) Implicit

Answer :b) Authorization code

CompTIA JK0-801 A+ Laptops Printers and Operational Exam Set 5

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

Options are :

  • d) URL hijacking
  • a) DNS poisoning
  • b) Domain hijacking
  • c) ARP poisoning

Answer :a) DNS poisoning

Which of the following is not a certificate trust model for arranging Certificate Authorities?

Options are :

  • a) Bridge CA architecture
  • d) Sub-CA architecture
  • c) Single-CA architecture
  • b) Hierarchical CA architecture

Answer :d) Sub-CA architecture

Which of the following options is a vendor neutral standard for message logging?

Options are :

  • B) Event manager
  • D) Syslog
  • A) SIEM
  • C) SNMP

Answer :D) Syslog

CT0-101 Convergence+ Certification Practice Exam Set 4

A large chemical company will soon be legally required to offer phone support for customers to contact in the event of a chemical spill or other similar issue. The new law requires the company be available 24/7, 365 days a year or large fines will be levied against the company. You have been contracted to ensure a power outage does not prevent the help desk from being available to callers. You have been given the requirement that all electronic equipment (desktops, servers, network equipment, phones, etc.) must operate for up to 24 hours without interruption during a power outage.

Which of the following options would best meet the requirement?

Options are :

  • B) Online UPS
  • D) Generator
  • C) Line-Interactive UPS
  • A) Emergency power supply

Answer :D) Generator

A lazy programmer at a startup was recently fired for sleeping at their cubicle. Angry about being fired and wanting revenge, the programmer accessed the admin panel of the startup's website using a method they had previously programmed into the application before being fired. With access to the admin panel the former employee was able to delete user accounts from the database, which caused a lot of issues for the company.

Which of the following options best describes the methodology of the attack?

Options are :

  • A) Rootkit
  • C) SQL injection
  • D) Ransomware
  • B) Backdoor

Answer :B) Backdoor

A fraudulent email requesting its recipient to reveal sensitive information (e.g. user name and password) used later by an attacker for the purpose of identity theft is an example of: (Select all that apply)

Options are :

  • c) Social engineering
  • a) Phishing
  • e) Vishing
  • b) Watering hole attack
  • d) Blue jacking

Answer :c) Social engineering a) Phishing

Practice : CompTIA Cloud+ Certification

A type of attack aimed at exploiting a vulnerability that is present in already released software but unknown to the software developer is called:

Options are :

  • b) Zero-day attack
  • a) Xmas attack
  • c) IV attack
  • d) Replay attack

Answer :b) Zero-day attack

Which of the following options is a valid type of evidence in a computer forensics investigation that proves innocence?

Options are :

  • A) Documentary evidence
  • B) Demonstrative evidence
  • D) Inculpatory evidence
  • C) Exculpatory evidence

Answer :C) Exculpatory evidence

An attacker impersonating a software beta tester replies to a victim's post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim a private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app. Which social engineering principles apply to this attack scenario? (Select 3 answers)

Options are :

  • b) Intimidation
  • a) Authority
  • f) Trust
  • c) Consensus
  • g) Urgency
  • e) Familiarity
  • d) Scarcity

Answer :f) Trust e) Familiarity d) Scarcity

CompTIA Cloud Essentials Cert Exam Prep CL0-002 Set 2

Which of the following best describes a biometric false acceptance rate (FAR)?

Options are :

  • d) Failure to identify a biometric image
  • a) The point at which acceptances and rejections are equal
  • c) Access allowed to an unauthorized user
  • b) Rejection of an authorized user

Answer :c) Access allowed to an unauthorized user

You identify a system that becomes progressively slower over a couple of days until it is unresponsive. Which of the following is most likely the reason for this behavior?

Options are :

  • b) Race condition
  • d) Untrained user
  • a) Improper error handling
  • c) Memory leak

Answer :c) Memory leak
