CompTIA Security+ (SY0-501) Complete Course & Practice Exam Set 2

Assuming that Company X trusts Company Y, and Company Y trusts Company Z, then we can assume Company X trusts Company Z, too. What concept of PKI does this represent

Options are :

  • Domain level trust
  • Certificate authority trust
  • Public key trust
  • Transitive trust (Correct)

Answer :Transitive trust

CompTIA SY0-401 Security Certification Practice Exam Set 2

Which of the following is not a factor of authentication

Options are :

  • Something you know
  • Something you are
  • Something you have
  • Something you want (Correct)

Answer :Something you want

Dion Training Solutions is requiring students to logon using multifactor authentication in an effort to increase the security of the authentication and login process. Currently, the students logon to using a username and password. What proposed solution would best meet the goal of enabling multifactor authentication for the student logon process

Options are :

  • Require students to enter a cognitive password requirement (such as 'What is your dog's nameX')
  • Require students to enter a unique 6 digit number that is sent to them by SMS after entering their username and password (Correct)
  • Require students to create a unique pin that is entered after their username and password are accepted
  • Require students to choose an image to serve as a secondary password after logon

Answer :Require students to enter a unique 6 digit number that is sent to them by SMS after entering their username and password

Julie was just hired to conduct a security assessment of your company's security policies. During her assessment, she noticed that there were many group accounts being shared by users to conduct their work roles. Julie recommended that the group accounts be eliminated and instead have an account created for each user. What improvement will this recommended action provide for the company

Options are :

  • More routine auditing
  • Increase password security
  • Increase individual accountability (Correct)
  • More efficient baseline management

Answer :Increase individual accountability

CD0-001 CDIA+ Certification Practice Exam Set 8

What is used as a measure of biometric performance to rate the system's ability to correctly authenticate an authorized user by measuring the rate that an unauthorized user is mistakenly permitted access

Options are :

  • False acceptance rate (Correct)
  • False rejection rate
  • Crossover error rate
  • Failure to capture

Answer :False acceptance rate

Your organization has recently suffered a data breach due to a server being exploited. As a part of the remediation efforts, the company wants to ensure that the default administrator password on each of the 1250 workstations on the network is changed. What is the easiest way to perform this password change

Options are :

  • Deploy a new group policy (Correct)
  • Create a new security group
  • Utilize the key escrow process
  • Revoke the digital certificate

Answer :Deploy a new group policy

During a penetration test of your company's network, the assessor came across a spreadsheet with the passwords being used for several of the servers. Four of the passwords recovered are listed below, which one is the weakest password and should be changed FIRST in order to increase the password's complexity

Options are :

Answer :pa55word

BR0-001 CompTIA Bridge Security+ Certification Practice Exam Set 3

What is a major security risk that could occur when you co-mingle hosts/servers with different security requirements in a single network

Options are :

  • Password compromises
  • Privilege creep
  • Security policy violations (Correct)
  • Zombie attacks

Answer :Security policy violations

Sean has been asked to write a new security policy to reduce the risk of employees working together to steal information from the corporate network. Which of the following policies should Sean write to counter this threat

Options are :

  • Policy that requires mandatory vacations (Correct)
  • Policy that requires least privilege
  • Privacy policy
  • Acceptable use policy

Answer :Policy that requires mandatory vacations

Your company is building a new data center. The group designing the facility has decided to provide additional HVAC capacity to ensure the data center maintains a consistently low temperature. What benefit might be achieved by increasing the HVAC capacity

Options are :

  • Higher data integrity due to more efficient SSD cooling
  • Longer UPS run time due to increase airflow
  • Increase availability of network services due to higher throughput
  • Longer MTBF of hardware due to lower operating temperatures (Correct)

Answer :Longer MTBF of hardware due to lower operating temperatures

CompTIA Security+ Cert. (SY0-501) Practice Tests Set 6

Your company has a $25,000 server that has been crashing frequently. Over the past 12 months, the server has crashed 10 times, requiring the server to be rebooted in order to recover from the crash. Each time, this has resulted in a 5% loss of functionality or data. Based on this information, what is the Annual Loss Expectancy (ALE) for this server

Options are :

  • $2,500
  • $2,500
  • $7,500 (Correct)
  • $25,000

Answer :$7,500

You have been asked by the incident response team leader to perform a forensic examination on a workstation that is suspected to be infected with malware. You remember from your training that you must collect digital evidence in the proper order to protect it from being changed during your evidence collection efforts. Which of the following describes the correct sequence to collect the data from the workstation

Options are :

  • RAM, CPU cache, Swap, Hard drive
  • Hard drive, Swap, CPU Cache, RAM
  • CPU Cache, RAM, Swap, Hard drive (Correct)
  • Swap, RAM, CPU Cache, Hard drive

Answer :CPU Cache, RAM, Swap, Hard drive

You have been hired as a consultant to Small Time Corp Incorporated to review their current disaster recovery plans. The CEO has requested that the plans ensure that the company can limit downtime in the event of a disaster, but due to staffing concerns he simply cannot approve the budget to implement or maintain a fully redundant offsite location to ensure a 99.999% availability. Based on that limitation, what should you recommend to the CEO of Small Time Corp

Options are :

  • Recommend that the company install a set of redundnat servers to another part of the company's office building
  • Recommend that the company retain all hardware at their office building but ship their backups to an offsite facility for storage
  • Recommend that the company retain their backups in their office building, but install redundant services in a colocated datacenter within a different company
  • Recommend that the redundant hardware be maintained at the offsite location and configure it to be ready for the recovery of the company's backup data when needed (Correct)

Answer :Recommend that the redundant hardware be maintained at the offsite location and configure it to be ready for the recovery of the company's backup data when needed

220-701 A+ Essentials Certification Practice Exam Set 12

Hilda needs a cost-effective backup solution that would allow for the restoration of data within a 24 hour RPO. The disaster recovery plan requires that backups occur during a specific timeframe each week and then the backups should be transported to an offsite facility for storage. What strategy should Hilda choose to BEST meet these requirements

Options are :

  • Create a daily incremental backup to tape (Correct)
  • Create disk-to-disk snapshots of the server every hour
  • Configure replication of the data to a set of servers located at a hot site
  • Conduct full backup daily to tape

Answer :Create a daily incremental backup to tape

Your company's offices utilize an open concept floor plan. You are concerned that a visitor might attempt to steal an external hard drive and carry it out of the building. To mitigate this risk, your security department has recommended installing security cameras that are clearly visible to both employees and visitors. What type of security control do these camera represent

Options are :

  • Corrective
  • Compensating
  • Administrative
  • Deterrent (Correct)

Answer :Deterrent

Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the owner of the company if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donate them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea, but is concerned that the private and sensitive corporate data on the old computer's hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. What type of data destruction or sanitization method do you recommend

Options are :

  • Degaussing
  • Wiping (Correct)
  • Purging
  • Shredding

Answer :Wiping

CompTIA Cloud Essentials CLO-001 Certified Practice Exam Set 6

James, a programmer at Apple Computers, is surfing the internet on his lunch break. He comes across a rumor site that is focused on providing details of the upcoming iPhone being released in a few months. James knows that Apple likes to keep their product details a secret until they are publicly announced. As James is looking over the website, he sees a blog post with an embedded picture of a PDF containing detailed specifications for the next iPhone and labeled as "Proprietary Information - Internal Use Only". The new iPhone is still several months away from release. What should James do next

Options are :

  • Contact the website's owner and request they take down the PDF
  • Contact his team lead and ask what he should do next
  • Contact the service desk or incident response team to determine what to do next (Correct)
  • Reply to the blog post and deny the accuracy of the specifications

Answer :Contact the service desk or incident response team to determine what to do next

A company is using RADIUS authentication to connect a network client to a networked file server by providing its authentication credentials. The file server then uses the authentication credentials to issue a RADIUS authentication request to the RADIUS server. The RADIUS server then is able to exchange RADIUS authentication messages with the file server on behalf of the client. Throughout this process, a shared secret is used to protect the communication. Which of the following technologies relies upon the shared secret

Options are :

  • RADIUS (Correct)
  • Kerberos
  • PKI
  • LDAP

Answer :RADIUS

Dion Training Solutions has contracted a software development firm to create a bulk file upload utility for its website. During a requirements planning meeting, the developers asked what type of encryption is required for the project. After some discussion, Jason decides that the file upload tool should use a cipher that is capable of encrypting 8 bits of data at a time before transmitting the files from the web developer's workstation to the web server. What of the following should be selected to meet this security requirement

Options are :

  • Stream cipher
  • Block cipher (Correct)
  • CRC
  • Hashing algorithm

Answer :Block cipher

CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam Set 1

Sarah is working at a startup that is focused on making secure banking apps for smartphones. Her company needs to select an asymmetric encryption algorithm to encrypt the data being used by the app. Due to the need for high security of the banking data, the company needs to ensure that whatever encryption they use is consider strong, but also need to minimize the processing power required since it will be running on a mobile device with lower computing power. Which algorithm should Sarah choose in order to provide the same level of high encryption strength with a lower overall key length

Options are :

  • Diffie-Hellman
  • RSA
  • ECC (Correct)
  • Twofish

Answer :ECC

Your company has just suffered a website defacement of its public facing web server. The CEO believes this act of vandalism may have been done by the company's biggest competitor. The decision has been made to contact law enforcement so evidence can be collected properly for use in a potential court case. Laura is a digital forensics investigator assigned to collect the evidence. She create a bit-by-bit disk image of the web server's hard drive as part of her evidence collection. Which technology should Laura use after creating the disk image to verify the data integrity of the copy matches that of the original web server's hard disk

Options are :

  • SHA-256 (Correct)
  • RSA
  • AES
  • 3DES

Answer :SHA-256

Frank and John have started a secret club together. They want to ensure that when they send messages to each other, they are truly unbreakable. What encryption key would provide the STRONGEST and MOST secure encryption

Options are :

  • DES with a 56-bit key
  • AES with a 256-bit key
  • ECC with a 256-bit key
  • Randomized one-time use pad (Correct)

Answer :Randomized one-time use pad

SK0-004 CompTIA Server+ Certification Practice Exam Set 5

Why would a company want to utilize a wildcard certificate for their servers

Options are :

  • To secure the certificate's private key
  • To increase the certificate's encryption key length
  • To reduce the certificate management burden (Correct)
  • To extend the renewal data of the certificate

Answer :To reduce the certificate management burden

In an effort to increase the security of their passwords, Ted's company has added a salt and cryptographic hash to their passwords prior to storing them. To further increase security, they run this process many times before storing the passwords. What is this technique called

Options are :

  • Key stretching (Correct)
  • Rainbow table
  • Salting
  • Collision resistance

Answer :Key stretching

You just received an email from Bob, your investment banker, stating that he completed the wire transfer of $20,000 to your bank account in Vietnam. The problem is, you don't have a bank account in Vietnam! You immediately call Bob to ask what is happening. Bob explains that he received an email from you requesting the transfer. You insist you never sent that email to Bob initiating the transfer. What aspect of PKI is used to BEST ensure that a sender actually sent a particular email message

Options are :

  • CRL
  • Trust models
  • Recovery agents
  • Non-repudiation (Correct)

Answer :Non-repudiation

CompTIA Network+ 6 Certification Practice Exams - 2019 Set 7

(Sample Simulation - On the real exam for this type of question, you would have to rearrange the steps into the proper order by dragging and dropping them into place.)

What is the correct order of the Incident Response process

Options are :

  • Identification, Containment, Eradication, Preparation, Recovery, and Lessons Learned
  • Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned (Correct)
  • Containment, Eradication, Identification, Lessons Learned, Preparation, and Recovery
  • Lessons Learned, Recovery, Preparation, Identification, Containment, and Eradication

Answer :Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned

Which of the following best describes the attack being illustratedX

Options are :

  • Ping of Death
  • XMAS Tree Attack
  • Man in the Middle
  • Smurf (Correct)

Answer :Smurf

(Sample Simulation - On the real exam for this type of question, you would have access to the log files to determine which server on a network might have been affected, and then choose the appropriate actions.)

A cybersecurity analyst has determined that an attack has occurred against your company's network. Fortunately, your company uses a good system of logging with a centralized SYSLOG server, so all the logs are available, were collected, and have been stored properly. According to the cybersecurity analyst, the logs indicate that the database server was the only company server on the network that appears to have been attacked. The network is a critical production network for your organization, therefore you have been asked to choose the LEAST disruptive actions on the network while performing the appropriate incident response actions. Which actions do you recommend to as part of the response efforts

Options are :

  • Capture network traffic using a sniffer, schedule a period of downtime to image and remediate the affected server, and maintain the chain of custody (Correct)
  • Isolate the affected server from the network immediately, format the database server, reinstall from a known good backup
  • Immediately remove the database server from the network, create an image of its hard disk, maintain the chain of custody
  • Conduct a system restore of the database server, image the hard drive, and maintain the chain of custody

Answer :Capture network traffic using a sniffer, schedule a period of downtime to image and remediate the affected server, and maintain the chain of custody

CompTIA PD1-001 PDI+ Beta Certification Practice Exam Set 23

(Sample Simulation - On the real exam for this type of question, you may receive a list of attack vectors and targets. Based on these, you would select the type of attack that occurred.)

(1) An attacker has been collecting credit card details by calling victims and using false pretexts to trick them.

(2) An attacker sends out to 100,000 random email addresses. In the email the attacker sent, it claims that "Your Bank of American account has been locked out. Please click here to reset your password."

What type of attacks have occurred in (1) and (2)

Options are :

  • (1) Vishing and (2) Phishing (Correct)
  • (1) Spearphishing and (2) Pharming
  • (1) Hoax and (2) Spearphishing
  • (1) Pharming and (2) Phishing

Answer :(1) Vishing and (2) Phishing

(Sample Simulation - On the real exam for this type of question, you may receive a list of different RAID types and asked to visually display which hard drives in the RAID are used for redundant data storage as either a stripe or a mirror. Then, you will have to identify which RAID type is most appropriate for each type of server shown.)

You are configuring a RAID drive for a Media Streaming Server. Your primary concern is speed of delivery of the data. This server has two hard disks installed.

What type of RAID should you installX

What type of data will be stored on Disk 1 and what type of Disk 2

Options are :

  • RAID 0 - Disk 1 (Stripe) and Disk 2 (Stripe) (Correct)
  • RAID 0 - Disk 1 (Mirror) and Disk 2 (Mirror)
  • RAID 1 - Disk 1 (Stripe) and Disk 2 (Stripe)
  • RAID 1 - Disk 2 (Mirror) and Disk 2 (Mirror)

Answer :RAID 0 - Disk 1 (Stripe) and Disk 2 (Stripe)

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions