CompTIA Security+ SY0-501 Exam Preparation (Latest Version) Set 3

During routine security checks you discover that a wireless access point has been set up on the outside of your employer's office building. The access point broadcasts the same SSID as the internal WiFi network but has been left unsecured so that anyone can connect.


What type of attack have you discovered?


Options are :

  • B) SSID reduplication attack
  • C) Jamming
  • A) W-DNS Spoofing
  • D) Evil twin

Answer :D) Evil twin
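The scenario above is detectable from a wireless survey: an access point advertising one of your own SSIDs from a BSSID that is not in the AP inventory, typically open while the real network is secured. The following script, an added example and not part of the original question set, runs that check over a constructed scan listing; the `AUTHORIZED` inventory and the three-column scan format are assumptions for the demo (real scanners such as `airodump-ng` or `nmcli` emit their own formats, and SSIDs may contain spaces, which this simple split does not handle).

```python
from collections import defaultdict

# Constructed scan listing (not from the page); one AP per line:
# SSID  BSSID  security. SSIDs in this sample contain no spaces.
SCAN_SAMPLE = """\
CorpWiFi  00:11:22:33:44:01  WPA2-Enterprise
CorpWiFi  00:11:22:33:44:02  WPA2-Enterprise
CorpWiFi  DE:AD:BE:EF:00:01  OPEN
Guest     00:11:22:33:44:10  OPEN
CoffeeNet 66:77:88:99:aa:bb  WPA2-PSK
"""

# Assumed inventory of sanctioned APs: BSSID -> SSID it is allowed to serve.
AUTHORIZED = {
    "00:11:22:33:44:01": "CorpWiFi",
    "00:11:22:33:44:02": "CorpWiFi",
    "00:11:22:33:44:10": "Guest",
}

def parse_scan(text: str) -> list:
    """Turn the whitespace-delimited listing into a list of AP records."""
    nets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ssid, bssid, security = parts
        nets.append({"ssid": ssid, "bssid": bssid.lower(), "security": security.upper()})
    return nets

def find_evil_twins(nets: list, authorized: dict) -> list:
    """Flag APs that advertise one of our SSIDs from a BSSID not in the inventory.
    'downgraded' marks the classic evil twin: open while the real APs are secured,
    so careless clients associate with it and send traffic in the clear."""
    owned = set(authorized.values())
    legit_security = defaultdict(set)
    for n in nets:
        if n["bssid"] in authorized and authorized[n["bssid"]] == n["ssid"]:
            legit_security[n["ssid"]].add(n["security"])
    findings = []
    for n in nets:
        if n["ssid"] in owned and n["bssid"] not in authorized:
            secured_twins = legit_security[n["ssid"]] - {"OPEN"}
            findings.append({
                "ssid": n["ssid"], "bssid": n["bssid"], "security": n["security"],
                "downgraded": n["security"] == "OPEN" and bool(secured_twins),
            })
    return findings

if __name__ == "__main__":
    for finding in find_evil_twins(parse_scan(SCAN_SAMPLE), AUTHORIZED):
        print(finding)
```

The inventory check is the decisive signal; the security downgrade is only supporting evidence, since an attacker can also clone a WPA2-PSK network if the pre-shared key has leaked.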

A social engineering technique whereby attackers, under the disguise of a legitimate request, attempt to gain access to confidential information they should not have access to is commonly referred to as:


Options are :

  • b) Privilege escalation
  • d) Shoulder surfing
  • a) Phishing
  • c) Backdoor access

Answer :a) Phishing

You are conducting a penetration test on a web application recently purchased by the HR department of your employer. You find that when creating a new user account in the Web UI you can delete data from the database by entering '; DROP TABLE Users' into the user account name field.


What type of vulnerability have you discovered?


Options are :

  • B) XML Injection
  • D) Request forgery
  • C) Drop database vulnerability
  • A) SQL injection

Answer :A) SQL injection

In computer security, the term "dumpster diving" is used to describe the practice of sifting through trash for discarded documents containing sensitive data. Found documents containing the names and surnames of employees, along with information about positions held in the company and other data, can be used to facilitate social engineering attacks. Having documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.


Options are :

  • True
  • False

Answer :True

A privacy filter (a.k.a. privacy screen) is a protective overlay placed on the computer screen that narrows the viewing angle, so the screen content is only visible directly in front of the monitor and cannot be seen by others nearby. A privacy filter is one of the countermeasures against shoulder surfing.


Options are :

  • False
  • True

Answer :True

Your employer is planning to place wireless devices at the entrance of their retail locations. The devices will use WiFi to connect to the store's wireless network and use beams of light to detect when someone enters through the entrance.

Other than WiFi, what type of wireless communication is being used?


Options are :

  • A) 802.11
  • C) Bluetooth
  • B) NFC
  • D) Infrared

Answer :D) Infrared

As opposed to simple Denial of Service (DoS) attacks, which are usually performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target. The intermediary systems that are used as a platform for the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and collectively as a botnet.


Options are :

  • False
  • True

Answer :True

Which of the terms listed below applies to a collection of intermediary compromised systems that are used as a platform for a DDoS attack?


Options are :

  • c) Quarantine network
  • a) Honey net
  • d) Malware
  • b) Botnet

Answer :b) Botnet

Which of the terms listed below refers to a computer security exploit that takes advantage of vulnerabilities in a user's web browser application?


Options are :

  • c) MTBF
  • a) MTTR
  • d) MITB
  • b) MITM

Answer :d) MITB

Which of the terms listed below refers to an example of a crypto-malware?


Options are :

  • a) Backdoor
  • b) Ransomware
  • d) Rootkit
  • c) Keylogger

Answer :b) Ransomware

Which statements best describe the attributes of an APT? (Select 3 answers)


Options are :

  • e) Low level of technical sophistication
  • d) Threat actors are individuals
  • f) Threat actors are governments/nation states
  • b) High level of technical sophistication
  • a) Lack of extensive resources/funding
  • c) Extensive amount of resources/funding

Answer :f) Threat actors are governments/nation states b) High level of technical sophistication c) Extensive amount of resources/funding

Which of the following implements two-factor authentication?


Options are :

  • D. A data center mantrap requiring fingerprint and iris scan
  • A. A phone system requiring a PIN to make a call
  • C. A computer requiring username and password
  • B. An ATM requiring a credit card and PIN

Answer :B. An ATM requiring a credit card and PIN

IP spoofing and MAC spoofing rely on falsifying what type of address?


Options are :

  • c) Loopback address
  • a) Broadcast address
  • d) Destination address
  • b) Source address

Answer :b) Source address

In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.


Options are :

  • False
  • True

Answer :False

How many rounds does 3DES perform when encrypting data?


Options are :

  • D) 48
  • B) 16
  • C) 32
  • A) 8

Answer :D) 48

Rainbow tables are lookup tables used to speed up the process of password guessing.


Options are :

  • True
  • False

Answer :True
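"Lookup table" undersells what a rainbow table is: it stores only the start and end of long hash/reduce chains and regenerates the middle on demand, trading lookup time for a table thousands of times smaller than a full digest-to-password dictionary. The following is an added example, not code from the original question set, that builds a miniature rainbow table over a constructed space of 4-digit PINs hashed with unsalted MD5 (MD5 stands in for whatever fast unsalted hash a weak system used), recovers a PIN from its digest, and shows that a per-user salt defeats the precomputation. Chain length, number of chains and the reduction function are demo choices.

```python
import hashlib

PIN_SPACE = 10_000                      # demo password space: 4-digit PINs
CHAIN_LEN = 20                          # hash/reduce steps per chain
CHAIN_STARTS = range(0, PIN_SPACE, 10)  # 1000 chain starting points

def md5hex(text: str) -> str:
    # MD5 stands in for whatever unsalted fast hash the target system used.
    return hashlib.md5(text.encode()).hexdigest()

def reduce_digest(digest: str, step: int) -> str:
    """Map a digest back into the password space. The step index gives each
    column its own reduction, which is what distinguishes a rainbow table
    from plain Hellman chains: two chains only merge if they collide in the
    same column."""
    return f"{(int(digest[:8], 16) + step) % PIN_SPACE:04d}"

def walk_chain(start: str):
    """Return the CHAIN_LEN passwords on the chain and its end marker."""
    pins, p = [], start
    for step in range(CHAIN_LEN):
        pins.append(p)
        p = reduce_digest(md5hex(p), step)
    return pins, p

def build_table() -> dict:
    # Only (end -> starts) is stored; that is the time/memory trade-off.
    table = {}
    for s in CHAIN_STARTS:
        start = f"{s:04d}"
        _, end = walk_chain(start)
        table.setdefault(end, []).append(start)
    return table

def crack(table: dict, target_digest: str):
    """Recover the password behind target_digest, or None if it is not covered."""
    for column in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target sits in this column and walk to the chain end.
        x = reduce_digest(target_digest, column)
        for step in range(column + 1, CHAIN_LEN):
            x = reduce_digest(md5hex(x), step)
        for start in table.get(x, ()):
            # Candidate chain: regenerate it and look for the digest itself,
            # which also filters out false alarms caused by merged chains.
            pins, _ = walk_chain(start)
            for p in pins:
                if md5hex(p) == target_digest:
                    return p
    return None

if __name__ == "__main__":
    table = build_table()
    print(crack(table, md5hex("4230")))              # 4230
    # A per-user salt changes every digest, so the precomputed table misses.
    print(crack(table, md5hex("9f1c2a" + "4230")))   # None
```

The salt lookup fails deterministically: the table only ever contains digests of bare PINs, and MD5("9f1c2a4230") is not one of them. With a slow, salted password hash (bcrypt, scrypt, Argon2, or PBKDF2 with a high iteration count) the attacker is pushed back to per-account brute force, which is exactly the cost the table was built to avoid.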

What type of certificate can be used for a list of explicitly given domains, IP addresses or subdomains?


Options are :

  • B) Wildcard
  • D) SAN
  • A) Code signing
  • C) Self signed

Answer :D) SAN

A type of wireless attack designed to exploit vulnerabilities of WEP is known as:


Options are :

  • c) IV attack
  • b) Smurf attack
  • a) MITM attack
  • d) Xmas attack

Answer :c) IV attack
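WEP derives each frame's RC4 key by prepending a 24-bit IV, sent in the clear, to the shared key. With only 16 million IVs and no rule against repeating them, busy networks reuse IVs quickly, and two frames under the same IV are encrypted with the same keystream. The script below is an added example, not code from the original question set: it implements RC4 and a simplified WEP frame (CRC-32 ICV and key-index byte omitted, as they do not affect the point) and shows that one known plaintext under a reused IV decrypts any other frame with that IV without ever learning the key. Key, IV and plaintexts are constructed.

```python
def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA then PRGA); WEP runs it with a per-frame key of IV || shared key."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP frame body: 3-byte IV in the clear, then RC4(IV || key) XOR data."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)

def recover_with_reused_iv(known_frame: bytes, known_plaintext: bytes, target_frame: bytes):
    """Two frames with the same IV share a keystream. Knowing one plaintext
    yields the keystream, which strips the other frame, key never needed."""
    iv_known, ct_known = known_frame[:3], known_frame[3:]
    iv_target, ct_target = target_frame[:3], target_frame[3:]
    if iv_known != iv_target:
        return None                                      # different keystreams
    keystream = xor_bytes(ct_known, known_plaintext)     # C1 xor P1 = keystream
    return xor_bytes(ct_target, keystream)               # C2 xor keystream = P2

if __name__ == "__main__":
    key = bytes.fromhex("0badc0ffee")      # constructed 40-bit WEP key
    iv = bytes.fromhex("000001")           # a 24-bit IV that gets reused
    p1 = b"GET /index.html HTTP/1.1"       # guessable plaintext (known headers)
    p2 = b"POST /login pw=hunter2!!"       # the frame the attacker wants
    f1 = wep_encrypt(key, iv, p1)
    f2 = wep_encrypt(key, iv, p2)
    print(recover_with_reused_iv(f1, p1, f2))   # b'POST /login pw=hunter2!!'
```

Known plaintext is easy to come by on a real network (ARP and DHCP headers, for instance). The full WEP break adds the FMS/PTW statistical attacks on weak IVs, which recover the shared key itself; WPA2 with CCMP avoids the problem by using a per-session key and a 48-bit packet number that is never reused within a session.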

A situation where a cryptographic hash function produces two different digests for the same data input is referred to as a hash collision.


Options are :

  • False
  • True

Answer :False

A predefined username/password on a brand new wireless router is an example of:


Options are :

  • c) Zero-day vulnerability
  • b) Misconfiguration
  • d) Architecture/design weakness
  • a) Default configuration

Answer :a) Default configuration

Which of the following factors pose the greatest risk for embedded systems? (Select 2 answers)


Options are :

  • c) System sprawl
  • e) Improper input handling
  • b) Inadequate vendor support
  • d) Default configurations
  • a) Lack of user training

Answer :b) Inadequate vendor support d) Default configurations

You work as a freelance security consultant. You are now working for a large government agency and have been contracted to create a stand-alone system that should attract malicious activity. The system should mimic an existing production system but contain only fake, non-sensitive data. Activity on this new system should be recorded so that security analysts can review it and identify patterns in the malicious activity.


What best defines this type of system?


Options are :

  • C) Ad hoc target
  • B) Honeynet
  • A) DMZ
  • D) DDoS Mitigator

Answer :B) Honeynet

Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords. Which of the following technical controls would help prevent these policy violations? (Select two.)


Options are :

  • B. Password length
  • E. Password lockout
  • C. Password complexity
  • D. Password history
  • A. Password expiration

Answer :C. Password complexity D. Password history
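Of the two controls, complexity addresses the weak passwords and history addresses the reuse; expiration on its own tends to make both worse. The class below is an added example, not code from the original question set, showing how a history check has to work when passwords are stored properly: each retained entry has its own salt, so the candidate password must be re-derived with every stored salt rather than compared against a single hash. The history depth, the complexity rule and the PBKDF2 iteration count are assumed policy values for the demo.

```python
import hashlib
import hmac
import os
import re
from collections import deque

HISTORY_DEPTH = 5            # assumed policy: refuse the last 5 passwords
PBKDF2_ITERATIONS = 50_000   # demo value; production deployments use far more

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

def meets_complexity(password: str) -> bool:
    # Assumed policy: 12+ characters with upper, lower, digit and symbol.
    return (len(password) >= 12
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[0-9]", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)

class PasswordStore:
    """Stores only salted hashes. The last HISTORY_DEPTH per user are kept
    solely so that reuse can be refused; the newest entry is the live one."""

    def __init__(self):
        self._history = {}   # user -> deque[(salt, digest)], oldest first

    def set_password(self, user: str, password: str) -> str:
        if not meets_complexity(password):
            return "rejected: complexity"
        history = self._history.setdefault(user, deque(maxlen=HISTORY_DEPTH))
        # Every entry has its own salt, so the candidate is re-derived with
        # each stored salt; there is no single digest to compare against.
        for salt, digest in history:
            if hmac.compare_digest(hash_password(password, salt), digest):
                return "rejected: reuse"
        salt = os.urandom(16)
        history.append((salt, hash_password(password, salt)))   # deque drops the oldest
        return "accepted"

    def verify(self, user: str, password: str) -> bool:
        history = self._history.get(user)
        if not history:
            return False
        salt, digest = history[-1]
        return hmac.compare_digest(hash_password(password, salt), digest)
```

The reuse check costs one key derivation per retained entry, which is acceptable because password changes are rare; the same cost is why the history is bounded rather than kept forever.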

Vulnerability scanning:

(Select all that apply)


Options are :

  • e) Passively tests security controls
  • c) Identifies common misconfigurations
  • b) Actively tests security controls
  • a) Identifies lack of security controls
  • d) Exploits vulnerabilities

Answer :e) Passively tests security controls c) Identifies common misconfigurations a) Identifies lack of security controls

Gaining unauthorized access to a Bluetooth device is referred to as:


Options are :

  • d) Bluesnarfing
  • b) Bluejacking
  • c) Tailgating
  • a) Phishing

Answer :d) Bluesnarfing

In penetration testing, the practice of using one compromised system as a platform for further attacks on other systems on the same network is known as:


Options are :

  • d) Gray-box testing
  • b) Pivoting
  • a) Initial exploitation
  • c) Escalation of privilege

Answer :b) Pivoting

Which of the following is used in PKI for key agreement?


Options are :

  • D) HMAC
  • C) CTR
  • B) ECDH
  • A) RSA

Answer :B) ECDH

Which of the cryptographic algorithms listed below is the least vulnerable to attacks?


Options are :

  • d) 3DES
  • a) AES
  • c) RC4
  • b) DES

Answer :a) AES

Which term best applies to the following statement: plain-text data is converted to an unreadable format that cannot be converted back into its original format?


Options are :

  • D) Asymmetric Encryption
  • C) Codebook
  • A) Encryption
  • B) Hashing

Answer :B) Hashing

An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is known as:


Options are :

  • c) Dictionary attack
  • a) Replay attack
  • b) Brute-force attack
  • d) Birthday attack

Answer :b) Brute-force attack

A person who breaks into a computer network or system for a politically or socially motivated purpose is typically described as:


Options are :

  • c) Hacktivist
  • b) Competitor
  • d) Script kiddie
  • a) Insider

Answer :c) Hacktivist

A network administrator wants to implement a method of securing internal routing. Which of the following should the administrator implement?


Options are :

  • C. VPN
  • A. DMZ
  • B. NAT
  • D. PAT

Answer :C. VPN

Which of the following types of cloud infrastructures would allow several organizations with similar structures and interests to realize the benefits of shared storage and resources?


Options are :

  • C. Public
  • A. Private
  • D. Community
  • B. Hybrid

Answer :D. Community

Which of the following security protocols is the least susceptible to wireless replay attacks?


Options are :

  • c) WPA2-PSK
  • d) WPA-CCMP
  • b) WPA-TKIP
  • a) WPA2-CCMP
  • e) WPA2-TKIP

Answer :a) WPA2-CCMP

A solution that simplifies configuration of new wireless networks by allowing non-technical users to easily configure network security settings and add new devices to an existing network is known as:


Options are :

  • c) WEP
  • a) WPA
  • d) WAP
  • b) WPS

Answer :b) WPS

Out of the following algorithms, which is a symmetric-key algorithm?


Options are :

  • A) RSA
  • B) PGP/GPG
  • D) DES
  • C) DSA

Answer :D) DES

The term "URL hijacking" (a.k.a. "typosquatting") refers to the practice of registering a misspelled domain name closely resembling another well-established and popular domain name, in the hope of getting Internet traffic from users who make errors while typing the URL into their web browsers.


Options are :

  • True
  • False

Answer :True

Which of the following terms is used to describe a type of penetration test in which the person conducting the test has limited access to information on the internal workings of the targeted system?


Options are :

  • b) Fuzz testing
  • d) White-box testing
  • a) Black-box testing
  • c) Gray-box testing

Answer :c) Gray-box testing

The practice of sending unsolicited messages over Bluetooth is called:


Options are :

  • d) Bluesnarfing
  • c) Vishing
  • b) Bluejacking
  • a) SPIM

Answer :b) Bluejacking

Which of the terms listed below refer(s) to software/hardware driver manipulation technique(s) that might be used to enable malware injection?

(Select all that apply)


Options are :

  • d) Shimming
  • e) Sideloading
  • a) Refactoring
  • b) Sandboxing
  • c) Fuzz testing

Answer :d) Shimming a) Refactoring

Penetration testing:

(Select all that apply)


Options are :

  • d) Exploits vulnerabilities
  • a) Bypasses security controls
  • e) Passively tests security controls
  • b) Only identifies lack of security controls
  • c) Actively tests security controls

Answer :d) Exploits vulnerabilities a) Bypasses security controls c) Actively tests security controls

Which term best describes a disgruntled employee abusing legitimate access to a company's internal resources?


Options are :

  • b) Insider threat
  • c) Hacktivist
  • a) Script kiddie
  • d) Organized crime

Answer :b) Insider threat

What improvements does a VLAN offer for network security?


Options are :

  • B) Provides layer 4 filtering (TCP/UDP)
  • C) Allows for session dropping in the event of an anomaly detection
  • D) Logically separates network segments
  • A) Physically restricts unauthorized devices from network access

Answer :D) Logically separates network segments

Which of the following terms best describes a type of threat actor that engages in illegal activities to acquire know-how and gain market advantage?


Options are :

  • d) Competitors
  • c) Organized crime
  • b) Nation states/APT
  • a) Insiders

Answer :d) Competitors

Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Which of the following network-based security controls should the engineer consider implementing?


Options are :

  • D. MAC filtering
  • A. ACLs
  • C. NAT
  • B. HIPS

Answer :A. ACLs
