JK0-015 CompTIA E2C Security+ 2008 Edition Practice Exam Set 7

Which of the following is the BEST example of a physical security policy?   

Options are :

  • All new employees are required to be mentored by a senior employee for their first few months on the job.
  • All server room users are required to have unique usernames and passwords.
  • New server room construction requires a single entrance that is heavily protected. (Correct)
  • All doors to the server room must have signage indicating that it is a server room.

Answer : New server room construction requires a single entrance that is heavily protected.

CompTIA Network+ 6 Certification Practice Exams - 2019 Set 9

The benefit of using software whole disk encryption is:   

Options are :

  • the disk's MBR is encrypted as well.
  • the entire file system is encrypted in case of theft. (Correct)
  • unauthorized disk access is logged in a separate bit.
  • the data can be retrieved easier if the disk is damaged

Answer : the entire file system is encrypted in case of theft.

Which of the following is the MOST efficient way to secure a single laptop from an external attack? 

Options are :

  • HIDS
  • Hardware firewall
  • Software firewall (Correct)
  • NIPS

Answer : Software firewall

Security related training should be used to teach the importance of which of the following behaviors? 

Options are :

  • Data handling
  • Cross-site scripting
  • Data mining
  • Routine audits (Correct)

Answer : Routine audits

CompTIA 220-801 A+ Advanced Certification Practice Exam Set 6

Which of the following is seen as non-secure based on its ability to only store seven uppercase characters of data making it susceptible to brute force attacks? 

Options are :

  • NTLMv2
  • CHAP
  • LANMAN (Correct)
  • PAP

Answer : LANMAN

Which of the following risk mitigation strategies would ensure that the proper configurations are applied to a system?   

Options are :

  • Change management
  • Tailgating
  • Application fuzzing
  • Incident management (Correct)

Answer : Incident management

Which of the following is the way of actively testing security controls on a system? 

Options are :

  • Penetration testing (Correct)
  • Vulnerability scanning
  • White box testing
  • Port scanning

Answer : Penetration testing

CompTIA Security+ Cert. (SY0-501) Practice Tests Set 3

Which of the following is MOST relevant to a buffer overflow attack? 

Options are :

  • NOOP instructions (Correct)
  • Set flags
  • Sequence numbers
  • IV length

Answer : NOOP instructions

Which of the following is another name for a malicious attacker? 

Options are :

  • Fuzzer
  • Black hat (Correct)
  • Penetration tester
  • White hat

Answer : Black hat

Which of the following uses TCP port 22 by default?   

Options are :

  • TLS, TELNET, and SCP
  • SSH, SCP, and SFTP (Correct)
  • SSL, SCP, andTFTP

Answer : SSH, SCP, and SFTP

JK0-016 CompTIA Network+ 2009 Edition Practice Exam Set 7

Which of the following allows a company to maintain access to encrypted resources when employee turnover is high? 

Options are :

  • Certificate authority
  • Trust model
  • Key escrow (Correct)
  • Recovery agent

Answer : Key escrow

A user reports that after a recent business trip, their laptop started having performance issues and unauthorized emails have been sent out from the laptop. Which of the following will resolve this issue? 

Options are :

  • Installing a new pop-up blocker
  • Updating the user's laptop with current antivirus (Correct)
  • Updating the anti-spam application on the laptop
  • Updating the user's digital signature

Answer : Updating the user's laptop with current antivirus

Which of the following protocols assists in identifying a user, by the generation of a key, to establish a secure session for command line administration of a computer? 

Options are :

  • SFTP
  • SSH (Correct)
  • FTP
  • DNS

Answer : SSH

SY0-401 CompTIA Security+ Certification Practice Exam Set 10

Which of the following reduces the likelihood of a single point of failure when a server fails? 

Options are :

  • Clustering (Correct)
  • Virtualization
  • Cold site
  • RAID

Answer : Clustering

Which of the following would be used to distribute the processing effort to generate hashes for a password cracking program? 

Options are :

  • Clustering (Correct)
  • Redundancy
  • Virtualization
  • RAID

Answer : Clustering

An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server? 

Options are :

  • Virtual servers require OS hardening but not patching or antivirus
  • Virtual servers have the same information security requirements as physical servers. (Correct)
  • Virtual servers only require data security controls and do not require licenses.
  • Virtual servers inherit information security controls from the hypervisor

Answer : Virtual servers have the same information security requirements as physical servers.

FC0-U41 CompTIA Strata IT Fundamentals Practice Exam Set 2

When examining HTTP server logs the security administrator notices that the company's online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?   

Options are :

  • DoS (Correct)
  • Spoofing
  • Spim
  • DDoS

Answer : DoS

An administrator is updating firmware on routers throughout the company. Where should the administrator document this work? 

Options are :

  • Router's System Log
  • Event Viewer
  • Compliance Review System
  • Change Management System (Correct)

Answer : Change Management System

Which of the following is an advantage of an employer providing smartphones to their employees instead of regular cellular phones?   

Options are :

  • Smartphones can be used to access open WAPs for coverage redundancy. (Correct)
  • Smartphones can encrypt and password protect data.
  • Smartphone calls have a second layer of encryption
  • Smartphones can be tied to multiple PCs for data transferring.

Answer : Smartphones can be used to access open WAPs for coverage redundancy.

CompTIA CAS-002 Advanced Security Practitioner Certify Exam Set 4

Which of the following wireless attacks uses a counterfeit base station with the same SSID name as a nearby intended wireless network? 

Options are :

  • Evil twin (Correct)
  • War chalking
  • War driving
  • Rogue access point

Answer : Evil twin

Isolation mode on an AP provides which of the following functionality types? 

Options are :

  • Segmentation of each wireless user from other wireless users (Correct)
  • Hides the service set identifier
  • Makes the router invisible to other routers
  • Disallows all users from communicating directly with the AP

Answer : Segmentation of each wireless user from other wireless users

Which of the following would a security administrator implement if a parking lot needs to be constantly monitored? 

Options are :

  • Proximity readers
  • Mantraps
  • Video surveillance (Correct)
  • Mandatory access control

Answer : Video surveillance

A user reports that the spreadsheet they use for the department will not open. The spreadsheet is located on a server that was recently patched. Which of the following logs would the technician review FIRST? 

Options are :

  • Firewall
  • DNS
  • Access (Correct)
  • Antivirus

Answer : Access

A security administrator is setting up a corporate wireless network using WPA2 with CCMP but does not want to use PSK for authentication. Which of the following could be used to support 802.1x authentication? 

Options are :

  • Kerberos
  • Smart card
  • LDAP
  • RADIUS (Correct)

Answer : RADIUS

Which of the following components is MOST integral to HTTPS?   

Options are :

  • Mutual authentication
  • Symmetric session keys
  • Diffie-Hellman key exchange (Correct)
  • PGP

Answer : Diffie-Hellman key exchange

CompTIA IT Fundamentals (Exam FC0-U61) Practice Tests Set 1

A company has remote workers with laptops that house sensitive data. Which of the following can be implemented to recover the laptops if they are lost? 

Options are :

  • GPS tracking (Correct)
  • NIDS
  • Remote sanitation
  • Whole disk encryption

Answer : GPS tracking

The company Chief Information Officer (CIO) contacts the security administrator about an email asking for money in order to receive the key that would decrypt the source code that the attacker stole and encrypted. Which of the following malware types is this MOST likely to be? 

Options are :

  • Ransomware (Correct)
  • Worm
  • Spyware
  • Virus

Answer : Ransomware

A security administrator performs various audits of a specific system after an attack. Which of the following BEST describes this type of risk mitigation? 

Options are :

  • New policy implementation
  • Incident management (Correct)
  • Change management
  • User training

Answer : Incident management

SK0-004 CompTIA Server+ Certification Practice Exam Set 2

Which of the following signature-based monitoring systems is used to detect and remove known worms and Trojans on a host? 

Options are :

  • HIDS
  • Anti-spam
  • Antivirus (Correct)
  • NIPS

Answer : Antivirus

Which of the following tools can execute a ping sweep?   

Options are :

  • Protocol analyzer
  • Network mapper (Correct)
  • Anti-virus scanner
  • Password cracker

Answer : Network mapper

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions