JK0-015 CompTIA E2C Security+ 2008 Edition Practice Exam Set 7

Which of the following is the BEST example of a physical security policy?   


Options are :

  • All new employees are required to be mentored by a senior employee for their first few months on the job.
  • All server room users are required to have unique usernames and passwords.
  • New server room construction requires a single entrance that is heavily protected. (Correct)
  • All doors to the server room must have signage indicating that it is a server room.

Answer : New server room construction requires a single entrance that is heavily protected.

CompTIA JK0-801 A+ Laptops Printers and Operational Exam Set 4

The benefit of using software whole disk encryption is:   


Options are :

  • the disk's MBR is encrypted as well.
  • the entire file system is encrypted in case of theft. (Correct)
  • unauthorized disk access is logged in a separate bit.
  • the data can be retrieved easier if the disk is damaged

Answer : the entire file system is encrypted in case of theft.

Which of the following is the MOST efficient way to secure a single laptop from an external attack? 


Options are :

  • HIDS
  • Hardware firewall
  • Software firewall (Correct)
  • NIPS

Answer : Software firewall

Security related training should be used to teach the importance of which of the following behaviors? 


Options are :

  • Data handling
  • Cross-site scripting
  • Data mining
  • Routine audits (Correct)

Answer : Routine audits

CompTIA JK0-015 E2C Security+ Certification Practice Test Set 9

Which of the following is seen as non-secure based on its ability to only store seven uppercase characters of data making it susceptible to brute force attacks? 


Options are :

  • NTLMv2
  • CHAP
  • LANMAN (Correct)
  • PAP

Answer : LANMAN

Which of the following risk mitigation strategies would ensure that the proper configurations are applied to a system?   


Options are :

  • Change management
  • Tailgating
  • Application fuzzing
  • Incident management (Correct)

Answer : Incident management

Which of the following is the way of actively testing security controls on a system? 


Options are :

  • Penetration testing (Correct)
  • Vulnerability scanning
  • White box testing
  • Port scanning

Answer : Penetration testing

N10-006 CompTIA Network+ Certification Practice Test Set 4

Which of the following is MOST relevant to a buffer overflow attack? 


Options are :

  • NOOP instructions (Correct)
  • Set flags
  • Sequence numbers
  • IV length

Answer : NOOP instructions

Which of the following is another name for a malicious attacker? 


Options are :

  • Fuzzer
  • Black hat (Correct)
  • Penetration tester
  • White hat

Answer : Black hat

Which of the following uses TCP port 22 by default?   


Options are :

  • HTTPS, SFTP, andTFTP
  • TLS, TELNET, and SCP
  • SSH, SCP, and SFTP (Correct)
  • SSL, SCP, andTFTP

Answer : SSH, SCP, and SFTP

SK0-004 CompTIA Server+ Certification Practice Exam Set 5

Which of the following allows a company to maintain access to encrypted resources when employee turnover is high? 


Options are :

  • Certificate authority
  • Trust model
  • Key escrow (Correct)
  • Recovery agent

Answer : Key escrow

A user reports that after a recent business trip, their laptop started having performance issues and unauthorized emails have been sent out from the laptop. Which of the following will resolve this issue? 


Options are :

  • Installing a new pop-up blocker
  • Updating the user's laptop with current antivirus (Correct)
  • Updating the anti-spam application on the laptop
  • Updating the user's digital signature

Answer : Updating the user's laptop with current antivirus

Which of the following protocols assists in identifying a user, by the generation of a key, to establish a secure session for command line administration of a computer? 


Options are :

  • SFTP
  • SSH (Correct)
  • FTP
  • DNS

Answer : SSH

SK0-004 CompTIA Server+ Certification Practice Exam Set 2

Which of the following reduces the likelihood of a single point of failure when a server fails? 


Options are :

  • Clustering (Correct)
  • Virtualization
  • Cold site
  • RAID

Answer : Clustering

Which of the following would be used to distribute the processing effort to generate hashes for a password cracking program? 


Options are :

  • Clustering (Correct)
  • Redundancy
  • Virtualization
  • RAID

Answer : Clustering

An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server? 


Options are :

  • Virtual servers require OS hardening but not patching or antivirus
  • Virtual servers have the same information security requirements as physical servers. (Correct)
  • Virtual servers only require data security controls and do not require licenses.
  • Virtual servers inherit information security controls from the hypervisor

Answer : Virtual servers have the same information security requirements as physical servers.

SY0-401 CompTIA Security+ Certification Practice Exam Set 1

When examining HTTP server logs the security administrator notices that the company's online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?   


Options are :

  • DoS (Correct)
  • Spoofing
  • Spim
  • DDoS

Answer : DoS

An administrator is updating firmware on routers throughout the company. Where should the administrator document this work? 


Options are :

  • Router's System Log
  • Event Viewer
  • Compliance Review System
  • Change Management System (Correct)

Answer : Change Management System

Which of the following is an advantage of an employer providing smartphones to their employees instead of regular cellular phones?   


Options are :

  • Smartphones can be used to access open WAPs for coverage redundancy. (Correct)
  • Smartphones can encrypt and password protect data.
  • Smartphone calls have a second layer of encryption
  • Smartphones can be tied to multiple PCs for data transferring.

Answer : Smartphones can be used to access open WAPs for coverage redundancy.

SY0-401 CompTIA Security+ Certification Practice Exam Set 9

Which of the following wireless attacks uses a counterfeit base station with the same SSID name as a nearby intended wireless network? 


Options are :

  • Evil twin (Correct)
  • War chalking
  • War driving
  • Rogue access point

Answer : Evil twin

Isolation mode on an AP provides which of the following functionality types? 


Options are :

  • Segmentation of each wireless user from other wireless users (Correct)
  • Hides the service set identifier
  • Makes the router invisible to other routers
  • Disallows all users from communicating directly with the AP

Answer : Segmentation of each wireless user from other wireless users

Which of the following would a security administrator implement if a parking lot needs to be constantly monitored? 


Options are :

  • Proximity readers
  • Mantraps
  • Video surveillance (Correct)
  • Mandatory access control

Answer : Video surveillance

JK0-017 CompTIA E2C Project+ Certification Practice Exam Set 4

A user reports that the spreadsheet they use for the department will not open. The spreadsheet is located on a server that was recently patched. Which of the following logs would the technician review FIRST? 


Options are :

  • Firewall
  • DNS
  • Access (Correct)
  • Antivirus

Answer : Access

A security administrator is setting up a corporate wireless network using WPA2 with CCMP but does not want to use PSK for authentication. Which of the following could be used to support 802.1x authentication? 


Options are :

  • Kerberos
  • Smart card
  • LDAP
  • RADIUS (Correct)

Answer : RADIUS

Which of the following components is MOST integral to HTTPS?   


Options are :

  • Mutual authentication
  • Symmetric session keys
  • Diffie-Hellman key exchange (Correct)
  • PGP

Answer : Diffie-Hellman key exchange

N10-006 CompTIA Network+ Certification Practice Test Set 8

A company has remote workers with laptops that house sensitive data. Which of the following can be implemented to recover the laptops if they are lost? 


Options are :

  • GPS tracking (Correct)
  • NIDS
  • Remote sanitation
  • Whole disk encryption

Answer : GPS tracking

The company Chief Information Officer (CIO) contacts the security administrator about an email asking for money in order to receive the key that would decrypt the source code that the attacker stole and encrypted. Which of the following malware types is this MOST likely to be? 


Options are :

  • Ransomware (Correct)
  • Worm
  • Spyware
  • Virus

Answer : Ransomware

A security administrator performs various audits of a specific system after an attack. Which of the following BEST describes this type of risk mitigation? 


Options are :

  • New policy implementation
  • Incident management (Correct)
  • Change management
  • User training

Answer : Incident management

CompTIA JK0-022 Security Cryptography Certification Exam Set 6

Which of the following signature-based monitoring systems is used to detect and remove known worms and Trojans on a host? 


Options are :

  • HIDS
  • Anti-spam
  • Antivirus (Correct)
  • NIPS

Answer : Antivirus

Which of the following tools can execute a ping sweep?   


Options are :

  • Protocol analyzer
  • Network mapper (Correct)
  • Anti-virus scanner
  • Password cracker

Answer : Network mapper

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions