CompTIA Security+ (SY0-501) Practice Exams with Simulations Set 2

You are responsible for the web application security for your company's e-commerce server. You're especially concerned with XSS and SQL injection. Of the following, which technique would be the most effective at mitigating these attacks?

Options are:

  • Proper error handling
  • The use of stored procedures
  • Proper input validation
  • Code signing

Answer: Proper input validation


Laura is concerned about social engineering, specifically that an attacker could use this technique to obtain information about her network, including information relating to passwords. What countermeasure would be most effective in combating social engineering?

Options are:

  • SPI firewall
  • IPS
  • User training
  • Strong policies

Answer: User training

James is worried about how his company will respond to breaches. He's interested in finding a way to identify files that have been altered during a breach. What is the best solution for him to implement?

Options are:

  • NAC
  • NIDS
  • File integrity checker
  • Vulnerability scanner

Answer: File integrity checker

Scott works for a large bank that is trying to limit the risk that unapproved USB devices pose to company documents. Which is the best solution for this problem?

Options are:

  • IDS
  • DLP
  • Content Filtering
  • NIPS

Answer: DLP


As the security manager, you need to reduce the risk of employees working in collusion to embezzle funds. Which process would you implement?

Options are:

  • Mandatory vacations
  • Clean desk
  • NDA
  • Continuing education

Answer: Mandatory vacations

JB is a security administrator for a bank and has discovered a piece of software on the database server that is not supposed to be there. It looks as though the software will begin deleting files if a certain employee is terminated. What best describes this software?

Options are:

  • Worm
  • Logic bomb
  • Trojan horse
  • Rootkit

Answer: Logic bomb

Of the following, which is the most important benefit from implementing SDN?

Options are:

  • It will stop malware
  • It provides scalability
  • It will detect intrusions
  • It will prevent session hijacking

Answer: It provides scalability


Which is the least secure hashing algorithm?

Options are:

  • MD5
  • SHA-1
  • AES

Answer: MD5

Backup tapes are stored off-site. What should be done with them?

Options are:

  • Generate a file hash for each backup file
  • Scan the backup data for viruses
  • Perform a chain of custody on the backup tape
  • Encrypt the backup data

Answer: Encrypt the backup data

Alissa has deployed session tokens on her network. What would these tokens be the most effective in protecting against?

Options are:

  • DDoS
  • Replay
  • SYN flood
  • Malware

Answer: Replay


Jonathan works for a large bank and one of his responsibilities is to ensure that web bank logins are as secure as possible. He's concerned that a customer's account login could be compromised and someone else would gain access to that customer's account. What is the best way to mitigate this threat?

Options are:

  • Use SMS authentication for any logins from an unknown computer or location
  • Encrypt all traffic via TLS
  • Require strong passwords
  • Do not allow customers to log on from any place other than their home computer

Answer: Use SMS authentication for any logins from an unknown computer or location

Choose the attack that depends on the attacker entering JavaScript into a text area that is intended for users to enter text that can be viewed by other users:

Options are:

  • SQL injection
  • Clickjacking
  • Cross-site scripting
  • Bluejacking

Answer: Cross-site scripting

Of the listed principles, which one states that multiple changes made to computer systems shouldn't be made simultaneously?

Options are:

  • Due diligence
  • Acceptable use
  • Change management
  • Due care

Answer: Change management


Sharon is responsible for the security of web applications. She's looking to see if all applications have input validation. What is the best way to implement validation?

Options are:

  • Server-side validation
  • Client-side validation
  • Validate in trust
  • Client-side and server-side validation

Answer: Client-side and server-side validation

Which recovery site is the easiest to test?

Options are:

  • Warm site
  • Cold site
  • Hot site
  • Medium site

Answer: Hot site

Josh is a bank manager and suspects that one of his tellers has stolen money from their station. After talking with his supervisor, he places the employee on paid leave, suspends their computer account, and takes their prox card and building keys. Which procedure was followed?

Options are:

  • Mandatory vacation
  • Exit interview
  • Adverse actions
  • Onboarding

Answer: Adverse actions


Alissa manages network security at her company. She's had several calls from users stating that their personal data is being stolen when they use the wireless network. Several of them have insisted they only connect to the corporate wireless access point (WAP), but logs for the WAP show the users have never connected to it. Which of the following explains this situation?

Options are:

  • Session hijacking
  • Clickjacking
  • Rogue access point
  • Bluejacking

Answer: Rogue access point

You work for a company that is issuing portable devices to employees for both work and personal use. The company is doing this so it can control the security of the devices. As an employee, what issue is raised by using a company-owned device for your work-related data and personal use?

Options are:

  • Personal information being exposed
  • Company data being exfiltrated
  • Devices being insecurely configured
  • No issues

Answer: Personal information being exposed

Matthew is working to select an authentication method for his company that will support REST as well as many web-based and mobile clients. Which of the following would be the best choice?

Options are:

  • Shibboleth
  • OpenID Connect
  • OAuth

Answer: OpenID Connect


Lori is concerned about DHCP starvation attacks, especially since learning that anyone can download a tool called a "gobbler" and use it to execute a DHCP starvation attack. What technology would help mitigate this risk?

Options are:

  • Encrypt all DHCP communication with TLS
  • FDE on the DHCP server
  • Network Address Allocation
  • IPSec for all DHCP communications

Answer: Network Address Allocation

Wayne works for a large law firm and manages network security. It's common for guests who come to the law firm to need to connect to the WiFi. He wishes to ensure that he provides maximum security when these guests connect using their own devices, but also seeks to provide assurance to the guests that his company will have minimal impact on their devices. What is the best solution?

Options are:

  • Permanent NAC agent
  • Agentless NAC
  • Dissolvable NAC agent
  • Implement COPE

Answer: Dissolvable NAC agent

Kim would like to implement a server authentication method that depends on the TPM in a server. What's the best approach?

Options are:

  • Hardware-based access control
  • Software-based access control
  • Digital certificate-based access control
  • Chip-based access control

Answer: Hardware-based access control


Which should a company require to mitigate the impact of a custom piece of software being installed by a vendor, in case the vendor later goes out of business?

Options are:

  • A detailed credit investigation prior to acquisition
  • A third-party source code escrow
  • Substantial penalties for breach of contract
  • Standby contracts with other vendors

Answer: A third-party source code escrow

You work for a company that has outsourced development of a specific application to a local programming firm. After three months of using the product, one of your accountants accidentally discovers a way to log in and bypass all security and authentication. Of the following options, what best describes this?

Options are:

  • Logic bomb
  • Trojan horse
  • Backdoor
  • Rootkit

Answer: Backdoor

Which of the following statements is true about symmetric algorithms?

Options are:

  • They hide data within an image file
  • They use one key to encrypt and another key to decrypt data
  • They use a single key to encrypt/decrypt
  • They use a single key to create a hashing value

Answer: They use a single key to encrypt/decrypt


Using the image provided, place the port numbers in the correct order with their associated protocols:

Options are:

  • 161, 22, 110, 23
  • 22, 110, 161, 23
  • 110, 161, 23, 22
  • 23, 110, 22, 161

Answer: 22, 110, 161, 23


How would you appropriately categorize the authentication method being displayed here?

Options are:

  • Biometric authentication
  • One-time password authentication
  • Multi-factor authentication
  • PAP authentication

Answer: Biometric authentication

Which of the following types of attacks occurs when an attacker attempts to gain confidential information or login credentials by sending targeted emails to a specific set of recipients within an organization?

Options are:

  • Phishing
  • Hoax
  • Vishing
  • Pharming
  • Spear phishing

Answer: Spear phishing

You have been asked to help conduct a white box penetration test. As part of your preparations, you have been given the source code for the organization's custom web application. Which type of vulnerability might be present in the code shown in this image?

Options are:

  • Buffer overflow
  • SQL injection
  • Remote code execution
  • JavaScript injection

Answer: Buffer overflow


Using the image provided, select the four security features that you should use with a workstation or laptop within your organization.

Options are:

  • Remote wipe, Location tracking, Host-based firewall, Cable lock
  • Cable lock, Network sniffer, Host-based firewall, Remote wipe
  • Host-based firewall, Network sniffer, Cable lock, CAT5e STP
  • CAT5e STP, Location tracking, Host-based firewall, Remote wipe

Answer: Host-based firewall, Network sniffer, Cable lock, CAT5e STP

Of the following, which is the best example of a drawback of symmetric key systems?

Options are:

  • You must use different keys for encryption/decryption
  • The algorithm is more complex
  • The system works much more slowly than an asymmetric system
  • The key must be delivered in a secure manner

Answer: The key must be delivered in a secure manner

Shelton is the manager at one of your local branch banks. He wants to ensure that customer information is not compromised when employees step away from their desks for the day. What would be used to mitigate this concern?

Options are:

  • Clean desk
  • Background checks
  • Continuing education
  • Job rotation

Answer: Clean desk


You've noticed that someone has been rummaging through the company's trash bins looking for documents, diagrams, and other sensitive information that's been thrown out. What is this called?

Options are:

  • Dumpster diving
  • Trash diving
  • Social engineering
  • Trash engineering

Answer: Dumpster diving

Your company has purchased new laptops for your salespeople. Your IT department plans to dispose of the hard drives from the old computers as part of a sale. Which method would you use to properly dispose of the hard drives?

Options are:

  • Destruction
  • Shredding
  • Purging
  • Formatting

Answer: Purging

Kevin manages the security for his company and is working to implement a kernel integrity subsystem for key servers. Of the following list, what is the primary benefit of this?

Options are:

  • To detect malware
  • To detect whether files have been altered
  • To detect rogue programs being installed
  • To detect changes to user accounts

Answer: To detect whether files have been altered


Penny, a saleslady in your company, sent in a request for assistance with a computer that is behaving sluggishly. You've checked and don't see any obvious malware, but you did locate a temp folder with JPEGs that are screenshots of her desktop. Of the following, which is most likely the cause?

Options are:

  • She is stealing data from the company
  • There is a backdoor on the computer
  • There is spyware on the system
  • Windows needs to be updated

Answer: There is spyware on the system

Of the following cloud service models, which service provides the consumer with the infrastructure to create and host applications?

Options are:

  • SaaS
  • PaaS
  • IaaS
  • CaaS

Answer: PaaS

While working through a malware outbreak, you discover something very odd on your company network. There's a file that has the same name as a Windows system DLL file and exposes the same API interface, but handles the input very differently. It also looks like applications have been loading this file rather than the real system DLL. What best describes this?

Options are:

  • Shimming
  • Trojan horse
  • Backdoor
  • Refactoring

Answer: Shimming


Carolyn is the network administrator for a small financial services company and is responsible for controlling access to the resources on her network. Which technology is responsible for blocking access to a resource based on the requesting IP address?

Options are:

  • ACL
  • NIPS
  • HIPS
  • Port blocking

Answer: ACL

Choose the type of attack that is based on entering fake information into a target network's domain name server:

Options are:

  • DNS poisoning
  • ARP poisoning
  • Bluesnarfing
  • Bluejacking

Answer: DNS poisoning

You are concerned about fault tolerance for the database server you manage. You need to ensure that if a single drive fails, the data can be recovered. What RAID level would be used to support this goal while simultaneously distributing parity bits?

Options are:

  • RAID 0
  • RAID 1
  • RAID 3
  • RAID 5

Answer: RAID 5


Which cryptography option uses points on a curve to define public and private key pairs?

Options are:

  • Obfuscation
  • ECC
  • Stream cipher
  • Block cipher

Answer: ECC

Of the listed principles, which is not a part of password complexity?

Options are:

  • Using both uppercase and lowercase letters
  • Minimum password length
  • Using numbers
  • Using symbols (such as $, *, &)

Answer: Minimum password length

Which of the following is an example of a stream cipher?

Options are:

  • AES
  • DES
  • 3DES
  • RC4

Answer: RC4


You currently have web developers in your company who have direct access to production servers and can deploy code to them. These actions can lead to insecure code and code flaws being deployed directly into the live environment. Currently, your company has only one server available (the production server). What is the best change that can be made to mitigate this risk?

Options are:

  • Implement sandboxing
  • Implement virtualized servers
  • Implement a staging server
  • Implement deployment policies

Answer: Implement a staging server
