CompTIA Security+ (SY0-501) Practice Exams with Simulations Set 5

Josh noticed that an attacker is trying to get network passwords by using a software that attempts a number of passwords from a list of common passwords. What type of attack is this called?


Options are :

  • Dictionary
  • Rainbow table
  • Brute force
  • Session hijacking

Answer :Dictionary

As a security officer, you are concerned about data loss prevention (DLP). You have limited the use of USBs as well as all other portable media, you use an IDS to look for large volumes of outbound data, and a guard search all bags and people before they leave the building. What is a key step in the DLP that you have missed?


Options are :

  • Portable drives
  • Email
  • Bluetooth
  • Optical media

Answer :Email

Laura is responsible for security on the new e-commerce server. She would like to verify that online transactions are secure. What technology should she use?


Options are :

  • L2TP
  • IPSec
  • SSL
  • TLS

Answer :TLS

CLO-001 CompTIA Cloud Essentials Certification Practice Test Set 8

What is the purpose of screen locks on mobile devices?


Options are :

  • To encrypt the device
  • To limit access to the device
  • To load a specific user’s apps
  • To connect to WiFi

Answer :To limit access to the device

Lance is the network administrator for a small college that has recently implemented a simple NIDS. However, the NIDS seems to catch only well-known attacks. What technology seems to be missing?


Options are :

  • Heuristic scanning
  • Signature scanning
  • Passive scanning
  • Active scanning

Answer :Heuristic scanning

How would you appropriately categorize the authentication method being displayed here?


Options are :

  • Biometric authentication
  • One-time password authentication
  • Multi-factor authentication
  • PAP authentication

Answer :Biometric authentication

CompTIA JK0-801 A+ Certification Practical Exam Set 8

Based on the image provided, what type of attack is occurring?


Options are :

  • SYN flood
  • Smurf attack
  • Ping flood
  • DDoS

Answer :Smurf attack

Which of the following types of attacks occurs when an attacker attempts to obtain personal or private information through domain spoofing or by poisoning a DNS server?



Options are :

  • Pharming
  • Hoax
  • Vishing
  • Spamming
  • Spear phishing

Answer :Pharming

You have just finished running a vulnerability scan of the network and are reviewing the results. The first result in the report shows the following vulnerability:

You log into the MySQL server and verify that you are currently running version 3.5.3. Based on the item shown on the image, what best describes how you should categorize this finding?


Options are :

  • True negative
  • True positive
  • False negative
  • False positive

Answer :False positive

CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 10

Dion Training has recently opened an Internet café for students to use during their lunch break. Unfortunately, Dion Training doesn’t have any wireless networks in their building, so they have placed three laptops in the Internet café. What protection should be installed to best prevent the laptops from being stolen?


Options are :

  • Proximity badge
  • Safe
  • Cable locks
  • CCTV

Answer :Cable locks

Of the following, which would allow a user permission to install only certain programs on a company-owned mobile device?


Options are :

  • Whitelisting
  • Blacklisting
  • ACL
  • HIDS

Answer :Whitelisting

Kevin, the helpdesk manager, calls stating that there has been an increase in calls from users who are stating that their computers are infected with malware. Which of the following steps should be taken first?


Options are :

  • Containment
  • Eradication
  • Lessons learned
  • Identification

Answer :Identification

CAS-001 CompTIA Advanced Security Practitioner Practice Exam Set 4

Cierra is the CISO for her company. She’s working to mitigate the danger of computer viruses in her network. Which administrative control can be implemented to assist with this goal?


Options are :

  • Implement host-based antimalware
  • Implement policies regarding email attachments and file downloads
  • Implement network-based antimalware
  • Block portable storage devices from being able to connect to computers

Answer :Implement policies regarding email attachments and file downloads

Ashley was asked to implement a secure protocol to use during file transfers that use digital certificates. What protocol would be the best option?


Options are :

  • FTP
  • SFTP
  • FTPS
  • SCP

Answer :FTPS

You are a network security administrator for a bank and you have noticed that an attacker has exploited a flaw in OpenSSL and forced connections to move to a weak cipher which the attacker can breach. What type of attack is this?


Options are :

  • Disassociation attack
  • Downgrade attack
  • Session hijack
  • Brute force

Answer :Downgrade attack

JK0-802 CompTIA A+ Certification Exam Set 9

Alissa manages the network for her company, a health club chain. She’s working to find a communication technology option that uses low power and can spend long periods in sleep modes. What technology would be the best fit?


Options are :

  • WiFi
  • Cellular
  • Bluetooth
  • ANT

Answer :ANT

What type of attack uses a second WAP with the same SSID as a legitimate AP in an attempt to get user information via connecting to the hackers WAP?


Options are :

  • Evil twin
  • IP spoofing
  • Trojan horse
  • MAC spoofing

Answer :Evil twin

You’ve noticed someone has been rummaging through your company’s trash bins for documents, diagrams, and other sensitive information that has been thrown out. What is this known as?


Options are :

  • Dumpster diving
  • Trash diving
  • Social engineering
  • Trash engineering

Answer :Dumpster diving

HT0-201 CEA- CompTIA DHTI+ Certification Practice Exam Set 4

Which of the following types of firewalls will examine the context of each packet it encounters?


Options are :

  • Packet filtering firewall
  • Stateful packet filtering firewall
  • Application layer firewall
  • Gateway firewall

Answer :Stateful packet filtering firewall

Frank is concerned about an attacker enumerating his entire network. What protocol could help mitigate this issue?


Options are :

  • HTTPS
  • TLS
  • IPSec
  • LDAPS

Answer :LDAPS

Of the following, which is the correct term that is used to describe a virus that can infect both the program files and the boot sectors?


Options are :

  • Polymorphic
  • Multipartite
  • Stealth
  • Multiple encrypting

Answer :Multipartite

CompTIA Network+ (N10-007) 6 Practice Exams and Simulations Set 4

John works on database server security for his company. He is concerned about preventing unauthorized access to the databases. Which of the following is the most appropriate for him to implement?


Options are :

  • ABAC
  • TOTP
  • HIDS
  • DAMP

Answer :DAMP

Which of the following best describes what mobile content management (MCM) on a mobile device is used for?


Options are :

  • Limiting how much content can be stored on a device
  • Limiting the type of content that can be accessed on the device
  • Disabling the wireless network on the mobile device
  • Digital signing of authorized content

Answer :Limiting the type of content that can be accessed on the device

You’re looking to begin accepting electronic orders from a vendor and you want to ensure that people who aren’t authorized cannot send orders. Your manager wants a solution that allows the opportunity to provide nonrepudiation. Which of the following would meet the specified requirements?


Options are :

  • Digital signatures
  • Hashes
  • Steganography
  • Perfect forward secrecy

Answer :Digital signatures

BR0-001 CompTIA Bridge Security+ Certification Practice Exam Set 1

Of the following examples, which is an example of a custodian security role?


Options are :

  • Human resources employee
  • Sales executive
  • CEO
  • Database backup operator

Answer :Human resources employee

You are the security administrator for a large company where occasionally, a user needs to access certain resources that the user doesn’t have permission to access. Which method would be the most beneficial?


Options are :

  • Mandatory Access Control
  • Discretionary Access Control
  • Role-based Access Control
  • Rule-based Access Control

Answer :Rule-based Access Control

Derrick is implementing virtualized systems in his network. He’s currently using a Type I hypervisor. What operating system should be on the machines in order for him to install the hypervisor?


Options are :

  • None
  • Windows
  • Any operating system
  • Windows or Linux

Answer :None

FC0-U41 CompTIA Strata IT Fundamentals Practice Test Set 4

When using a NIDS or NIPS in your organization, what are your two biggest concerns?


Options are :

  • Cost and false positives
  • False positives and false negatives
  • Power consumption and cost
  • Management interface and cost

Answer :False positives and false negatives

Lonnie has been assigned the task of choosing a backup communication method for his company in the case of a disaster that disrupts normal communication. Which option provides the most reliability?


Options are :

  • Cellular
  • WiFi
  • SATCOM
  • VoIP

Answer :SATCOM

You’re currently looking for a network authentication method that uses digital certificates and doesn’t require users to remember passwords. Which method is the most beneficial?


Options are :

  • OAuth
  • Tokens
  • OpenID
  • RBAC

Answer :Tokens

CompTIA JK0-801 A+ Certification Certified Practice Exam Set 1

Your organization wants to install a new accounting system and is considering moving to a cloud-based solution to reduce cost, reduce the information technology overhead costs, to improve reliability, and to improve availability. Your Chief Information Officer is supportive of this move since it will be more fiscally responsible, but the Chief Risk Officer is concerned with housing all of the company’s confidential financial data in a cloud provider’s network that might be shared with other companies. Since the Chief Information Officer is determined to move to the cloud, what type of cloud-based solution would you recommend to account for the Chief Risk Officer’s concerns?


Options are :

  • PaaS in a community cloud
  • SaaS in a private cloud
  • PaaS in a hybrid cloud
  • SaaS in a public cloud

Answer :SaaS in a private cloud

CompTIA Network+ 6 Certification Practice Exams - 2019 Set 7

Steven works for a small company and they’re concerned about authentication and would like to implement biometrics using facial recognition and fingerprint scanning. How is this authentication classified?


Options are :

  • Type I
  • Type II
  • Type III
  • Strong

Answer :Type III

Choose the primary difference between an intrusive and a nonintrusive vulnerability scan:


Options are :

  • An intrusive scan is a penetration test
  • A nonintrusive scan is just a document check
  • An intrusive scan could potentially disrupt operations
  • A nonintrusive scan will not find most vulnerabilities

Answer :An intrusive scan could potentially disrupt operations

Laura is the IT manager for a small hotel. She would like to install wireless access points on each floor. While reading through the specifications, she notices they state that wireless access points should have minimal functionality, with all other configuration, authentication, and functionality centrally-controlled. What type of wireless access points should be considered for purchase?


Options are :

  • Fat
  • Controller-based
  • Stand-alone
  • 802.11i

Answer :Controller-based

SY0-401 CompTIA Security+ Certification Practice Exam Set 6

In a risk analysis meeting, you’re tasked with defining internal threats. Which is not considered an internal threat?


Options are :

  • Employees accessing external websites via company hosts
  • Embezzlement
  • Threat actors compromising a network through a firewall
  • Users connecting USB thumb drives (personal) to a workstation

Answer :Threat actors compromising a network through a firewall

You work for Big Data Incorporated as a physical security manager. You are concerned that the physical security at the entrance to the company is not sufficient. To increase your security, you are determined to prevent piggybacking. What technique should you implement first?


Options are :

  • Install CCTV to monitor the entrance
  • Install a mantrap at the entrance
  • Require all employees to wear security badges when entering the building
  • Install an RFID badge reader at the entrance

Answer :Install a mantrap at the entrance

Jennifer decided that the licensing cost for a piece of video editing software was too expensive. Instead, she decided to download a keygen program to generate her own license key and install a pirated version of the editing software. After she runs the keygen, a license key is created, but her system performance becomes very sluggish and her antimalware suite begins to display numerous alerts. Which of the following types of malware has Jennifer's machine most likely become infected with?


Options are :

  • Worm
  • Trojan
  • Adware
  • Logic bomb

Answer :Trojan

CompTIA Cloud+ Certification Test Set 1

An attacker is trying to get malformed queries sent to backend databases to circumvent the web page security. What type of attack depends on the attacker entering text into boxes on a webpage that isn’t normal text, but rather odd-looking commands designed to be inserted into database queries?


Options are :

  • SQL injection
  • Clickjacking
  • Cross-site scripting
  • Bluejacking

Answer :SQL injection

Your organization has been receiving a lot of phishing emails recently and you are trying to determine why they are effective in getting your users to click on their links. The latest email consists of what looks like an advertisement that is offering an exclusive early access opportunity to buy a new iPhone at a discounted price, but there are only 5 phones available at this price. What type of social engineering principle is being exploited here?


Options are :

  • Familiarity
  • Scarcity
  • Intimidation
  • Trust

Answer :Scarcity

Neil has been tasked with finding an authentication service handled by a third party that would allow users to access multiple websites, as long as the authentication service is supported by the website. What is the best choice?


Options are :

  • OpenID
  • Kerberos
  • NTLM
  • Shibboleth

Answer :OpenID

HT0-201 CEA- CompTIA DHTI+ Certification Practice Exam Set 4

Lisa is investigating a network breach and discovered a program that was able to execute code within the address space of another process by using a target process to load a specific library. What type of attack is this?


Options are :

  • Logic bomb
  • Session hijacking
  • Buffer overflow
  • DLL injection

Answer :DLL injection

Hilda needs a cost-effective backup solution that would allow for the restoration of data within a 24 hour RPO. The disaster recovery plan requires that backups occur during a specific timeframe each week and then the backups should be transported to an offsite facility for storage. What strategy should Hilda choose to BEST meet these requirements?


Options are :

  • Create a daily incremental backup to tape
  • Create disk-to-disk snapshots of the server every hour
  • Configure replication of the data to a set of servers located at a hot site
  • Conduct full backup daily to tape

Answer :Create a daily incremental backup to tape

Your company’s offices utilize an open concept floor plan. You are concerned that a visitor might attempt to steal an external hard drive and carry it out of the building. To mitigate this risk, your security department has recommended installing security cameras that are clearly visible to both employees and visitors. What type of security control do these camera represent?


Options are :

  • Corrective
  • Compensating
  • Administrative
  • Deterrent

Answer :Deterrent

SY0-401 CompTIA Security+ Certification Practice Exam Set 5

Steven is looking for a new firewall for his company. He’s concerned about a DoS attack, more specifically, SYN flood. Which of the following is the best option to protect against a SYN flood event?


Options are :

  • Packet filter
  • Application gateway
  • Bastion
  • SPI

Answer :SPI

Brady’s concerned about the security of data on mobile devices, such as smartphones and tablets that his company issues to employees. Of the following, which would be the most effective in preventing data loss, in the event a device is stolen?


Options are :

  • Remote wipe
  • Geolocation
  • Strong PIN
  • Limited data storage

Answer :Remote wipe

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions