SY0-401 CompTIA Security+ Certification Practice Exam Set 6

 To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?  
 


Options are :

  • Technical (Correct)
  • Administrative
  • Management
  • Operational

Answer : Technical

SY0-401 CompTIA Security+ Certification Practice Exam Set 9

The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to determine who may be responsible. Which of the following would be the BEST course of action?  
 


Options are :

  • Implement a single sign-on application on equipment with sensitive data and high-profile shares.
  • Separate employees into teams led by a person who acts as a single point of contact for observation purposes.
  • Create a single, shared user account for every system that is audited and logged based upon time of use.
  • Enact a policy that employees must use their vacation time in a staggered schedule. (Correct)

Answer : Enact a policy that employees must use their vacation time in a staggered schedule.

Elastic cloud computing environments often reuse the same physical hardware for multiple customers over time as virtual machines are instantiated and deleted. This has important implications for which of the following data security concerns?  


Options are :

  • Data confidentiality (Correct)
  • Hardware integrity
  • Integrity of data
  • Availability of servers

Answer : Data confidentiality

In order to prevent and detect fraud, which of the following should be implemented?  
 


Options are :

  • Incident management
  • Job rotation (Correct)
  • Employee evaluations
  • Risk analysis

Answer : Job rotation

CompTIA Security+ SY0 401 Test Set 3

 Mandatory vacations are a security control which can be used to uncover the following:  
 


Options are :

  • Poor password security among users
  • The need for additional security staff
  • Software vulnerabilities in vendor code (Correct)
  • Fraud committed by a system administrator

Answer : Software vulnerabilities in vendor code

The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company.  Which of the following is the BEST method to prevent such activities in the future?  


Options are :

  • Mandatory Vacations
  • Job rotation
  • Separation of duties (Correct)
  • Least Privilege

Answer : Separation of duties

Users can authenticate to a companyís web applications using their credentials from a popular social media site. Which of the following poses the greatest risk with this integration?  


Options are :

  • Password breaches to the social media site affect the company application as well (Correct)
  • Data loss from the corporate servers can create legal liabilities with the social media site
  • Changes to passwords on the social media site can be delayed from replicating to the company
  • Malicious users can exploit local corporate credentials with their social media credentials

Answer : Password breaches to the social media site affect the company application as well

CompTIA Security+ Cert. (SY0-501): Practice Tests 2019 Set 6

Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network.  Which of the following BEST describes these results?  
 


Options are :

  • False negatives
  • True positives
  • True negatives
  • False positives (Correct)

Answer : False positives

A company is preparing to decommission an offline, non-networked root certificate server. Before sending the serverís drives to be destroyed by a contracted company, the Chief Security Officer (CSO) wants to be certain that the data will not be accessed.   Which of the following, if implemented, would BEST reassure the CSO? (Choose two.)  
A. Disk hashing procedures 
B. Full disk encryption 
C. Data retention policies 
D. Disk wiping procedures 
E. Removable media encryption 


Options are :

  • B,E
  • A,E
  • C,D
  • B,D (Correct)

Answer : B,D

Which of the following can result in significant administrative overhead from incorrect reporting?  
 


Options are :

  • Job rotation
  • Mandatory vacations
  • Acceptable usage policies
  • False positives (Correct)
  • None of the Above

Answer : False positives

CompTIA Security+ SY0 401 Test Set 2

While rarely enforced, mandatory vacation policies are effective at uncovering: 


Options are :

  • Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight. (Correct)
  • Help desk technicians with oversight by multiple supervisors and detailed quality control systems.
  • Collusion between two employees who perform the same business function.
  • Acts of incompetence by a systems engineer designing complex architectures as a member of a team.

Answer : Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.

One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer.   Which of the following is this an example of?  


Options are :

  • Least privilege (Correct)
  • Job rotation
  • Mandatory access
  • Rule-based access control

Answer : Least privilege

Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC services wants to send some of Acme Corpís debug data to a third party vendor for problem resolution.  Which of the following MUST be considered prior to sending data to a third party?  
 


Options are :

  • This may violate data ownership and non-disclosure agreements (Correct)
  • The data should be encrypted prior to transport
  • Acme Corp should send the data to ABC Servicesí vendor instead
  • This would not constitute unauthorized data sharing

Answer : This may violate data ownership and non-disclosure agreements

CompTIA Network+ 6 Certification Practice Exams - 2019 Set 10

Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored.  Which of the following BEST describes this statement? (Choose two.)  
A. Acceptable use policy 
B. Risk acceptance policy 
C. Privacy policy 
D. Email policy
E. Security policy


Options are :

  • D,E
  • A,F
  • A,C (Correct)
  • C,F
  • B,D

Answer : A,C

Joe, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Joe insisted that he was not aware of any company policy that prohibits the use of such websites. Which of the following is the BEST method to deter employees from the improper use of the companyís information systems?  


Options are :

  • Privacy Policy
  • Human Resource Policy
  • Acceptable Use Policy (Correct)
  • Security Policy

Answer : Acceptable Use Policy

A security administrator notices that a specific network administrator is making unauthorized changes to the firewall every Saturday morning.  Which of the following would be used to mitigate this issue so that only security administrators can make changes to the firewall?  


Options are :

  • Job rotation
  • Least privilege (Correct)
  • Mandatory vacations
  • Time of day restrictions

Answer : Least privilege

N10-006 CompTIA Network+ Certification Practice Test Set 3

Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks.  Which of the following concepts would enforce this process?  


Options are :

  • Job Rotation
  • Discretionary Access Control
  • Separation of Duties (Correct)
  • Mandatory Vacations

Answer : Separation of Duties

A user in the company is in charge of various financial roles but needs to prepare for an upcoming audit. They use the same account to access each financial system.   Which of the following security controls will MOST likely be implemented within the company?  
 


Options are :

  • Account password enforcement
  • Account lockout policy
  • Password complexity enabled
  • Separation of duties (Correct)

Answer : Separation of duties

Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device?  


Options are :

  • Blacklisting
  • Whitelisting (Correct)
  • Authentication
  • Acceptable use policy

Answer : Whitelisting

SY0-401 CompTIA Security+ Certification Practice Exam Set 2

A security administrator needs to update the OS on all the switches in the company.  Which of the following MUST be done before any actual switch configuration is performed?  


Options are :

  • The request needs to be approved through the incident management process.
  • The request needs to be sent to the incident management team.
  • The request needs to be sent to the change management team.
  • The request needs to be approved through the change management process. (Correct)

Answer : The request needs to be approved through the change management process.

An IT security manager is asked to provide the total risk to the business.  Which of the following calculations would he, security manager, choose to determine total risk?  


Options are :

  • Threats X vulnerability X asset value (Correct)
  • Threats X vulnerability X control gap
  • (Threats X vulnerability X profit) x asset value
  • (Threats X vulnerability X asset value) x controls gap

Answer : Threats X vulnerability X asset value

A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks.  
Which of the following practices is being implemented?  


Options are :

  • Mandatory vacations
  • Job rotation (Correct)
  • Separation of duties
  • Least privilege

Answer : Job rotation

Practice : CompTIA A+ Certification 220-902

The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline.  Which of the following would be a possible solution to look into to ensure their application remains secure and available?  


Options are :

  • Full disk encryption
  • HSM
  • Data Loss Prevention
  • Cloud computing (Correct)

Answer : Cloud computing

A security administrator plans on replacing a critical business application in five years. Recently, there was a security flaw discovered in the application that will cause the IT department to manually re-enable user accounts each month at a cost of $2,000. Patching the application today would cost $140,000 and take two months to implement.   Which of the following should the security administrator do in regards to the application?  


Options are :

  • Mitigate the risk by patching the application to increase security and saving money
  • Accept the risk and continue to enable the accounts each month saving money (Correct)
  • Transfer the risk replacing the application now instead of in five years
  • Avoid the risk to the user base allowing them to re-enable their own accounts

Answer : Accept the risk and continue to enable the accounts each month saving money

What are three of the primary security control types that can be implemented?  


Options are :

  • Personal, procedural, and legal.
  • Supervisory, subordinate, and peer.
  • Mandatory, discretionary, and permanent.
  • Operational, technical, and management. (Correct)

Answer : Operational, technical, and management.

CompTIA JK0-801 A+ Certification Practical Exam Set 4

Which of the following describes the purpose of an MOU?  


Options are :

  • Define onboard/offboard procedure
  • Define data backup process
  • Define responsibilities of each party (Correct)
  • Define interoperability requirements

Answer : Define responsibilities of each party

A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system.  Which of the following describes this cause?  


Options are :

  • False positive (Correct)
  • Baseline code review
  • False negative
  • Application hardening

Answer : False positive

Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies?  


Options are :

  • To ensure that staff conform to the policy
  • To ensure that false positives are identified
  • To reduce the organizational risk (Correct)
  • To require acceptable usage of IT systems

Answer : To reduce the organizational risk

SY0-401 CompTIA Security+ Certification Practice Exam Set 4

Identifying residual risk is MOST important to which of the following concepts?  
 


Options are :

  • Risk mitigation
  • Risk acceptance (Correct)
  • Risk deterrence
  • Risk avoidance

Answer : Risk acceptance

Which of the following concepts are included on the three sides of the "security triangle"? (Choose three.)  
A. Confidentiality 
B. Availability 
C. Integrity 
D. Authorization 
E. Authentication 
F. Continuity 


Options are :

  • A,B,C (Correct)
  • A,D,F
  • C,E,F
  • B,D,E
  • A,B,E

Answer : A,B,C

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions