SY0-401 CompTIA Security+ Certification Practice Exam Set 8

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new
remote site.
Which of the following would need to be implemented?


Options are :

  • Implicit deny
  • VLAN management
  • Port security
  • Access control lists (Correct)

Answer : Access control lists

Pete, the system administrator, wants to restrict access to advertisements, games, and gambling
websites.
Which of the following devices would BEST achieve this goal?


Options are :

  • Firewall
  • URL content filter (Correct)
  • Switch
  • Spam filter

Answer : URL content filter

Layer 7 devices used to prevent specific types of HTML tags are called:


Options are :

  • Routers
  • Content filters (Correct)
  • Firewalls
  • NIDS

Answer : Content filters

Sara, a security technician, has received notice that a vendor coming in for a presentation will
require access to a server outside of the network. Currently, users are only able to access remote
sites through a VPN connection.
How could Sara BEST accommodate the vendor?


Options are :

  • Allow incoming IPSec traffic into the vendor’s IP address.
  • Set up a VPN account for the vendor, allowing access to the remote site.
  • Turn off the firewall while the vendor is in the office, allowing access to the remote site.
  • Write a firewall rule to allow the vendor to have access to the remote site. (Correct)

Answer : Write a firewall rule to allow the vendor to have access to the remote site.

Which of the following components of an all-in-one security appliance would MOST likely be
configured in order to restrict access to peer-to-peer file sharing websites?


Options are :

  • URL filter (Correct)
  • Content inspection
  • Malware inspection
  • Spam filter

Answer : URL filter

Joe, a technician at the local power plant, notices that several turbines had ramped up in cycles
during the week. Further investigation by the system engineering team determined that a timed
.exe file had been uploaded to the system control console during a visit by international
contractors.
Which of the following actions should Joe recommend?


Options are :

  • Implement stronger WPA2 Wireless
  • Implement patch management
  • Create a VLAN for the SCADA (Correct)
  • Enable PKI for the MainFrame

Answer : Create a VLAN for the SCADA

A company has proprietary mission critical devices connected to their network which are
configured remotely by both employees and approved customers. The administrator wants to
monitor device security without changing their baseline configuration.
Which of the following should be implemented to secure the devices without risking availability?


Options are :

  • IPS
  • IDS (Correct)
  • Honeypot
  • Host-based firewall

Answer : IDS

The Human Resources department has a parent shared folder set up on the server. There are two
groups that have access, one called managers and one called staff. There are many subfolders
under the parent shared folder, one of which is called payroll. The parent folder access control list
propagates to all subfolders, and all subfolders inherit the parent permission.
Which of the following is the quickest way to prevent the staff group from gaining access to the
payroll folder?


Options are :

  • Implicit deny on the payroll folder for the managers group
  • Remove the staff group from the payroll folder
  • Remove inheritance from the payroll folder
  • Implicit deny on the payroll folder for the staff group (Correct)

Answer : Implicit deny on the payroll folder for the staff group

Matt, the network engineer, has been tasked with separating network traffic between virtual
machines on a single hypervisor.
Which of the following would he implement to BEST address this requirement? (Choose two.)
A. Virtual switch
B. NAT
C. System partitioning
D. Access-list
E. Disable spanning tree
F. VLAN


Options are :

  • D,E
  • A,C
  • A,F (Correct)
  • A,B

Answer : A,F

Pete, an employee, attempts to visit a popular social networking site but it is blocked. Instead, a
page is displayed notifying him that this site cannot be visited.
Which of the following is MOST likely blocking Pete’s access to this site?


Options are :

  • Firewall
  • Proxy server
  • Protocol analyzer
  • Internet content filter (Correct)

Answer : Internet content filter

In intrusion detection system vernacular, which account is responsible for setting the security
policy for an organization?


Options are :

  • Supervisor
  • Administrator (Correct)
  • Root
  • Director

Answer : Administrator

The security administrator at ABC company received the following log information from an external
party:
10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan
The external party is reporting attacks coming from abc-company.com.
Which of the following is the reason the ABC company’s security administrator is unable to
determine the origin of the attack?


Options are :

  • The log is not in UTC.
  • ABC company uses PAT. (Correct)
  • The external party uses a firewall.
  • A NIDS was used in place of a NIPS.

Answer : ABC company uses PAT.

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card
data should be segregated from the main corporate network to prevent unauthorized access and
that access to the IT systems should be logged.
Which of the following would BEST meet the CISO’s requirements?


Options are :

  • NIDS
  • Layer 2 switches
  • Sniffers
  • Firewalls (Correct)
  • Web proxies

Answer : Firewalls

When performing the daily review of the system vulnerability scans of the network, Joe, the
administrator, noticed several security-related vulnerabilities with an assigned vulnerability
identification number. Joe researches the assigned vulnerability identification number from the
vendor website. Joe proceeds with applying the recommended solution for the identified vulnerability.
Which of the following is the type of vulnerability described?


Options are :

  • Network based
  • Signature based (Correct)
  • Host based
  • IDS

Answer : Signature based

At an organization, unauthorized users have been accessing network resources via unused
network wall jacks.
Which of the following would be used to stop unauthorized access?


Options are :

  • Configure an access list.
  • Configure port security. (Correct)
  • Configure loop protection.
  • Configure spanning tree protocol.

Answer : Configure port security.

A database administrator contacts a security administrator to request firewall changes for a
connection to a new internal application. The security administrator notices that the new
application uses a port typically monopolized by a virus. The security administrator denies the
request and suggests a new port or service be used to complete the application’s task.
Which of the following is the security administrator practicing in this example?


Options are :

  • Explicit deny
  • Implicit deny
  • Access control lists (Correct)
  • Port security

Answer : Access control lists

Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI
model?


Options are :

  • Switches
  • NIDS
  • WAF (Correct)
  • Routers

Answer : WAF

A technician is deploying virtual machines for multiple customers on a single physical host to
reduce power consumption in a data center.
Which of the following should be recommended to isolate the VMs from one another?


Options are :

  • Install HIPS on each VM
  • Implement a virtual firewall
  • Develop a patch management guide
  • Virtual switches with VLANs (Correct)

Answer : Virtual switches with VLANs

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI
model?


Options are :

  • Packet Filter Firewall
  • Stateful Firewall (Correct)
  • Application Firewall
  • Proxy Firewall

Answer : Stateful Firewall

Which of the following should the security administrator implement to limit web traffic based on
country of origin? (Choose three.)
A. Spam filter
B. Load balancer
C. Antivirus
D. Proxies
E. Firewall
F. NIDS
G. URL filtering


Options are :

  • C,D,E
  • A,B,C
  • D,E,G (Correct)
  • E,G,D

Answer : D,E,G

Pete, a security administrator, has observed repeated attempts to break into the network.
Which of the following is designed to stop an intrusion on the network?


Options are :

  • HIPS
  • NIDS
  • HIDS
  • NIPS (Correct)

Answer : NIPS

Which of the following security devices can be replicated on a Linux-based computer using
iptables to inspect and properly handle network-based traffic?


Options are :

  • Firewall (Correct)
  • Router
  • Sniffer
  • Switch

Answer : Firewall

An administrator is looking to implement a security device which will be able not only to detect
network intrusions at the organization level, but also help to defend against them.
Which of the following is being described here?


Options are :

  • NIPS (Correct)
  • HIDS
  • NIDS
  • HIPS

Answer : NIPS

While configuring a new access layer switch, the administrator, Joe, was advised that he needed
to make sure that only devices authorized to access the network would be permitted to login and
utilize resources.
Which of the following should the administrator implement to ensure this happens?


Options are :

  • Network separation
  • 802.1x (Correct)
  • Log Analysis
  • VLAN Management

Answer : 802.1x

Which of the following flags are used to establish a TCP connection? (Choose two.)
A. PSH
B. ACK
C. SYN
D. URG
E. FIN


Options are :

  • A,D
  • D,B
  • B,C (Correct)
  • C,D

Answer : B,C

On Monday, all company employees report being unable to connect to the corporate wireless
network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were
made to the wireless network and its supporting infrastructure, and that there are no outages.
Which of the following is the MOST likely cause for this issue?


Options are :

  • The DNS server is overwhelmed with connections and is unable to respond to queries.
  • The Remote Authentication Dial-In User Service server certificate has expired (Correct)
  • The company IDS detected a wireless attack and disabled the wireless network.
  • Too many incorrect authentication attempts have caused users to be temporarily disabled.

Answer : The Remote Authentication Dial-In User Service server certificate has expired

The administrator receives a call from an employee named Joe. Joe says the Internet is down and
he is receiving a blank page when typing to connect to a popular sports website. The administrator
asks Joe to try visiting a popular search engine site, which Joe reports as successful. Joe then
says that he can get to the sports site on this phone.
Which of the following might the administrator need to configure?


Options are :

  • The access rules on the IDS
  • The pop up blocker in the employee’s browser
  • The default block page on the URL filter (Correct)
  • The sensitivity level of the spam filter

Answer : The default block page on the URL filter

A company determines a need for additional protection from rogue devices plugging into physical
ports around the building.
Which of the following provides the highest degree of protection from unauthorized wired network
access?


Options are :

  • Flood guards
  • 802.1x (Correct)
  • Intrusion Prevention Systems
  • MAC filtering

Answer : 802.1x

Which of the following is the best practice when securing a switch from physical access?


Options are :

  • Disable unused ports (Correct)
  • Disable unnecessary accounts
  • Print baseline configuration
  • Enable access lists

Answer : Disable unused ports

Mike, a network administrator, has been asked to passively monitor network traffic to the
company’s sales websites.
Which of the following would be BEST suited for this task?


Options are :

  • Spam filter
  • Firewall
  • HIDS
  • NIPS (Correct)

Answer : NIPS
