CompTIA Security+ Certification (SY0-501): Practice Tests

Which of the following devices typically makes requests on behalf of internal clients?

Options are :

  • Router
  • Proxy (Correct)
  • Switch
  • Firewall

Answer : Proxy

Explanation A proxy is typically not used as a traffic-filtering device based upon port or protocol, but it makes requests on behalf of internal clients.A firewall is a more complex device, most often seen placed behind the border router. A switch does not filter traffic based upon port or protocol, since it works at a lower level in the OSI model. A router should be used as a first-level filtering device, because it has the ability to filter on basic characteristics of traffic such as port and protocol.

Which mobile device management deployment model uses corporate-owned devices where the corporation dictates the software installation and maintenance actions?

Options are :

  • COBO (Correct)
  • COPE
  • CYOD
  • BYOD

Answer : COBO

Explanation Company Owned, Business Only (COBO) devices are owned and controlled completely by the organization. Bring your own device (BYOD) means the employee owns the device. Choose your own device (CYOD) means the organization retains ownership, but employeess may install personal apps on the device. Company-issued, personally-enabled (COPE) is similar to CYOD, but employees are limited to installing only white-listed apps.

Which type of cloud service is for use by only one organization and is usually hosted by that organization?s infrastructure?

Options are :

  • Public
  • Private (Correct)
  • Community
  • External

Answer : Private

Explanation A private cloud is for use by only one organization and is usually hosted by that organization?s infrastructure.An external cloud is not a valid type of cloud and could be a public, private, or community cloud. A community cloud is for use by similar organizations or communities, such as universities or hospitals, that need to share common data. A public cloud is usually operated by a third-party provider that sells or rents ?pieces? of the cloud to different entities, such as small businesses or large corporations.

Which of the following statements best describes an XML injection attack?

Options are :

  • An attack on a database through vulnerabilities in the Web application, usually in user input fields.
  • An attack that involves sending malicious XML content to a Web application, taking advantage of any lack of input validation and XML parsing. (Correct)
  • An attack that uses unexpected numerical results from a mathematical operation to overflow a buffer.
  • An attack that exceeds the memory allocated to an application for a particular function, causing it to crash.

Answer : An attack that involves sending malicious XML content to a Web application, taking advantage of any lack of input validation and XML parsing.

Explanation An XML injection attack involves sending malicious XML content to a Web application, taking advantage of any lack of input validation and XML parsing.A buffer overflow attack exceeds the memory allocated to an application for a particular function, causing it to crash. Although similar to a buffer overflow attack, answer B describes an integer overflow attack, which uses unexpected numerical results from a mathematical operation to overflow a buffer. A SQL injection attacks a database through vulnerabilities in the Web application, usually in user input fields.

Which of the following is a software or a hardware appliance responsible for balancing user requests and network traffic among several different physical or virtualized hosts?

Options are :

  • Load balancer (Correct)
  • Guest operating system
  • Hypervisor
  • Host operating system

Answer : Load balancer

Explanation A load balancer is a piece of application software or a hardware appliance that is responsible for balancing user requests and network traffic among several different physical or virtualized hosts.The host operating system does not create or manage virtual machines; it merely shares resources with them. The hypervisor, also called a virtual machine monitor, is a piece of application software that is responsible for creating and managing virtual machines and their associated files on a host. The guest operating system is the virtual machine itself and is managed by a hypervisor.

What is the third step in the incident response life cycle?

Options are :

  • Containment, eradication, and recovery (Correct)
  • Post-incident activity
  • Preparation
  • Detection and analysis

Answer : Containment, eradication, and recovery

Explanation Containment, eradication, and recovery is the third step of the incident response lifecycle.In order, the steps of the incident response life cycle are preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.

Which attack involves sending specially-crafted traffic to a wireless client and an access point?

Options are :

  • Initialization vector attack
  • Spoofing attack
  • Deauthentication attack (Correct)
  • Replay attack

Answer : Deauthentication attack

Explanation A deauthentication attack involves sending specially crafted traffic to a wireless client and an access point, in the hopes of causing them to deauthenticate with each other and disconnect.A spoofing attack involves impersonating a wireless client or access point through either its IP or its MAC address. A replay attack involves the reuse of intercepted non-secure credentials to gain access to a system or network. Initialization vector (IV) attacks involve attempting to break WEP keys by targeting their weak IVs.

In many cases a load balancer uses which of the following on a client's browser to maintain session affinity?

Options are :

  • Session lock
  • Client-based code
  • TLS
  • Cookies (Correct)

Answer : Cookies

Explanation Cookies are saved and used by load balancers to maintain a connection between a specfic client and a specfic server, i.e. session affinity.TLS is an encryption method and session lock is an imaginary term. Client-based code could be used, but is not common.

Which of the following is normally the job of a senior leader within the incident response team?

Options are :

  • Determining the initial scope and impact of the incident
  • Notifying the incident response team
  • Notifying and coordinating with senior management and law enforcement officials (Correct)
  • Securing the scene

Answer : Notifying and coordinating with senior management and law enforcement officials

Explanation Notifying and coordinating with senior management and law enforcement officials is normally the job of a senior leader within the incident response team.The primary job of a first responder is to secure the scene. They are also responsible for notifying the incident response team and initially determining the scope, seriousness, and impact of the incident.

What type of control assists and mitigates the risk an existing control is unable to mitigate?

Options are :

  • Compensating control (Correct)
  • Deterrent control
  • Corrective control
  • Preventative control

Answer : Compensating control

Explanation A compensating control assists and mitigates the risk an existing control is unable to mitigate.The difference between a deterrent control and a preventive control is that it is necessary to have knowledge of the deterrent control for it to work. Users do not need to have knowledge of a preventative control for it to function. A corrective control is used to correct a condition when there is either no control at all, or the existing control is ineffective. Normally, a corrective control is temporary until a more permanent solution is put into place. A deterrent control keeps someone from performing a malicious act, provided that they know the control is there and are aware of the consequences for violating it.

Which of the following terms describes someone who hacks into a system for malicious purposes, without permission from the system?s owner, and shares the system hacking information with others?

Options are :

  • Black box tester
  • Black hat hacker (Correct)
  • White hat hacker
  • Gray hat hacker

Answer : Black hat hacker

Explanation A black hat hacker is someone who uses her skills for malicious purposes and often shares that information with others.A gray hat hacker uses her skills for both altruistic and malicious purposes, breaking into and exploiting a system without permission, but without sharing that information with others. A black box tester is someone who tests a system without any prior knowledge of the network or infrastructure; this person tests the system with the owner?s permission. A white hat hacker uses her skills to assist in securing systems; this type of hacker is usually a penetration testing professional or ethical hacker.

Which of the following is a legacy wireless encryption protocol that uses the RC4 streaming protocol?

Options are :

  • WEP (Correct)
  • 802.1X
  • WPA2
  • WPA

Answer : WEP

Explanation WEP is a legacy wireless encryption protocol that has been determined to be very weak and easily broken. It uses the RC4 streaming protocol and weak initialization vectors (24-bit) to encrypt data on wireless networks.WPA2 is an advanced encryption protocol that uses AES. WPA was an interim protocol used to correct some of WEP?s weaknesses. It uses the TKIP protocol. 802.1X is a port-based authentication method, not a wireless encryption protocol.

Which of the following cannot identify patterns alone and requires other data and event sources to identify trends and patterns?

Options are :

  • Log analysis (Correct)
  • Trend analysis
  • Quantitative analysis
  • Qualitative analysis

Answer : Log analysis

Explanation A log analysis can?t identify patterns alone and requires other data and event sources to identify trends and patterns.Trend analysis involves looking at data from various sources, including device logs, to identify patterns over a period of time. Both qualitative and quantitative analyses are risk assessment techniques.

Which of the following is a non-secure protocol used to copy files to and from Internet-based hosts?

Options are :

  • SFTP
  • FTP (Correct)
  • SCP
  • FTPS

Answer : FTP

Explanation FTP is a non-secure protocol used to copy files to and from Internet-based hosts.FTPS is a secure version of the non-secure FTP protocol, which is used over SSL or TLS connections to ensure security when transferring files to or from an Internet-based host. SCP is a secure copy protocol used to copy files securely to and from a networked host, and it uses SSH. SFTP is a secure file transfer protocol used to copy files to and from an Internet-based host, and it uses SSH.

Which of the following is an access control model based upon various access control rules that apply to users, objects, and actions?

Options are :

  • Access approval list
  • Rule-based access control (Correct)
  • Access control list
  • Metadata table

Answer : Rule-based access control

Explanation Rule-based access control is an access control model based upon various access control rules that apply to users, objects, and actions.An access control list (ACL) is a physical or logical list that details specific access levels individuals have to access objects. It is also used on network devices to determine which traffic from various users can enter and exit network devices and access internal hosts. Access approval lists and metadata tables are distractors and are not valid terms.

Which of the following terms describes a security appliance that is usually installed on an individual device, usually as a chip on the system motherboard?

Options are :

  • TPM (Correct)
  • SAN
  • NAS
  • HSM

Answer : TPM

Explanation A Trusted Platform Module (TPM) is installed on an individual device, usually as a chip on the system motherboard.A hardware security module (HSM) is usually a hardware appliance or standalone device used to provide hardware encryption services for specific hosts. A SAN is a storage area network and is not typically a security device. A NAS, network attached storage, is not a security device.

Marisol needs to interconnect multiple VLANs in her production environment. Which of the following network devices would best address this issue?

Options are :

  • Firewall
  • Layer 2 switch
  • Router
  • Layer 3 switch (Correct)

Answer : Layer 3 switch

Explanation A layer 3 switch supports inter VLAN routing to interconnect disparate VLANs.A layer 2 switch could interconnect VLAN via trunk ports, but only to interconnect to other layer 2 switches. A router could interconnect two VLANs, but this would take substantial configuration. A firewall is not capable of interconnecting VLANs.

Which of the following are characteristics of hashing? (Choose all that apply.)

Options are :

  • Hashes are cryptographic representations of plaintext. (Correct)
  • Hashes produce fixed-length digests for variable-length text. (Correct)
  • Hashing can be used to protect data integrity. (Correct)
  • Hashes are decrypted using the same algorithm and key that encrypted them.

Answer : Hashes are cryptographic representations of plaintext. Hashes produce fixed-length digests for variable-length text. Hashing can be used to protect data integrity.

Explanation All of these are characteristics of hashing except that hashes are produced from one-way mathematical functions and cannot be decrypted.

Scott is an outside specialist hired to audit a small, but suddenly fast-growing company. While performing a user audit, Scott notices that one user, Bradley, a sales intern who has worked for this company intermittently for three years, has the following permissions on the network:Member of Sales groupMember of Printer Administrators groupUser name/password on primary company Internet gatewayMember of Domain Admins for the company Active DirectoryShocked, Scott asks around the office how this intern has this level of access? It seems Bradley has substantial tech skills and the IT department gave him access to printers, gateway, and domain controllers so that he "could help with different problems" over the years. This is a classic example of which of the following?

Options are :

  • False acceptance rate
  • Least privilege
  • Authentication failure
  • Privilege creep (Correct)

Answer : Privilege creep

Explanation Privilege creep. Bradley keeps getting new privileges, yet nothing is turned off.Authentication failure implies something has gone wrong. There has been no failure in authentication. The principle of least privilege means that administrators never give a user account more rights and permissions than is needed for the user to do his or her job. False acceptance rate indicates the level of errors that the system may generate indicating that unauthorized users are identified and authenticated as valid users in a biometric system.

Which of the following is a rogue wireless access point set up to be nearly identical to a legitimate access point?

Options are :

  • Evil twin (Correct)
  • Jamming
  • MAC spoofing
  • SSID cloaking

Answer : Evil twin

Explanation An evil twin attack is a rogue wireless access point set up to be nearly identical to a legitimate access point.SSID cloaking is a weak security measure designed to hide the broadcasting of a wireless network?s Service Set Identifier. MAC spoofing is an attempt to impersonate another host by using its MAC address. Jamming is an intentional interference with the signal of a wireless network. It is often part of a DoS attack.

Which of the following is most appropriate if you have limited external public IP addresses available, but a requirement to share those IP addresses with internal hosts that must connect to the public Internet?

Options are :

  • Router
  • DMZ
  • DHCP server
  • NAT with a firewall (Correct)

Answer : NAT with a firewall

Explanation Using network address translation (NAT) in conjunction with a firewall enables you to share one external address with multiple internal hosts that require external addresses for their connectivity.A DMZ can contain servers behind a firewall, allowing public access, but it does not inherently offer NAT services. DHCP is used to allocate internal IP addresses, and a router still requires NAT to perform address translation.

Which of the following technologies enables communication between devices using a beam of light?

Options are :

  • Infrared (Correct)
  • Near Field Communications (NFC)
  • Bluetooth
  • 802.11 wireless

Answer : Infrared

Explanation Infrared enables communications between devices using a beam of light.Neither 802.11 wireless nor Bluetooth technologies perform in this manner. Near Field Communication is a newer technology in which devices send very low power radio signals to each other by using a special chip implanted in the device. It requires that the devices be extremely close or touching and is used for a variety of applications, including payments through NFC-enabled smartphones.

Which of following uses geolocation features to ensure that a mobile device does not leave specific areas of corporate property?

Options are :

  • Geolocation
  • Geotagging
  • Remote management
  • Geofencing (Correct)

Answer : Geofencing

Explanation Geofencing is the use of geolocation features to ensure that a mobile device does not leave specific areas of corporate property.Remote management is the overall process of remotely managing and monitoring mobile devices that are used to connect to the corporate infrastructure. Geolocation is the use of a device?s GPS features to determine device location, locate points of interest, and find other useful information. Geotagging is the practice of marking media files, such as pictures and video, with relevant information such as geographic location (using the GPS features of the mobile device) and time. This information can be used by security professionals to track where and how a mobile device has been used.

Which cryptography concept refers to the requirement for a trusted third party that can hold a special key (in addition to your private and public key pair) that is used to decrypt a stored backup copy of the private key if the original is lost?

Options are :

  • Registrar
  • Certificate authority
  • CRL
  • Key escrow (Correct)

Answer : Key escrow

Explanation Key escrow involves a third party that holds a special third key in addition to your private and public key pair.A CRL (certificate revocation list) is not valid in this scenario, as certificate authorities and registrars are used during the certificate life cycle to publish digital certificates.

Which of the following power devices do you install to enable the constant availability of critical servers during a power outage?

Options are :

  • UPS
  • Power conditioner
  • Battery backup
  • Generator (Correct)

Answer : Generator

Explanation To provide continuous power, you will need a generator, often gas-powered, that can provide power continuously until electrical power is restored. Be sure that you have enough gas! For very critical systems, multiple generators (tested regularly) are a common control.A power conditioner helps provide clean power that is less likely to harm systems; it has nothing to do with power outages. UPSes and battery backups are incorrect because they provide backup power for only a short period of time and are often used to allow a graceful shutdown of less critical systems.

Which of the following tools will help you track down a potential backdoor program allowing access into a host on your network?

Options are :

  • Run a port scan on your firewall.
  • Check the antimalware logs.
  • Monitor traffic from that specific computer with a protocol analyzer. (Correct)
  • Run a performance baseline test on the system.

Answer : Monitor traffic from that specific computer with a protocol analyzer.

Explanation A protocol analyzer can intercept, log, and allow analysis to be conducted on network traffic, to include source and destination of the traffic.None of these options will help track down the information that might be transmitted by a backdoor tool.

Which of the following methods of strengthening weak keys involves generating and exchanging asymmetric keys within a particular communication session?

Options are :

  • Key exchange (Correct)
  • Key stretching
  • Key repetition
  • Key streaming

Answer : Key exchange

Explanation Key exchange involves generating and exchanging asymmetric keys used for a particular communication session, exchanging public keys in order to use them for public key cryptography.Key streaming involves sending individual characters of the key through an algorithm and using mathematical XOR function to change the output. Key repetition is not a valid answer or term. Key stretching is a technique used to change weak keys to stronger ones by feeding them into an algorithm to produce an enhanced key.

Before information is converted to an unreadable state using cryptography, in what form is the information?

Options are :

  • Ciphertext
  • Hash
  • Plaintext (Correct)
  • Message digest

Answer : Plaintext

Explanation Plaintext is unencrypted text.Ciphertext is a result of the encryption process and is encrypted text. A hash, or message digest, is a cryptographic representation of variable length text, but it is not the text itself.

Which of the following describes a false acceptance rate? (Choose two.)

Options are :

  • The error caused when an unauthorized user is validated as authorized (Correct)
  • Type II error (Correct)
  • Type I error
  • The error caused from rejecting someone who is in fact an authorized user

Answer : The error caused when an unauthorized user is validated as authorized Type II error

Explanation A false acceptance rate (FAR) is the error caused when an unauthorized user is validated as authorized; it is also referred to as a Type II error.A false reject rate (FRR) is the error caused from rejecting an authorized user; it is also called a Type I error.

Travis just got promoted to network administrator after the previous administrator left rather abruptly. There are three new hires that need onboarding with user accounts. When Travis looks at all the existing account names, he notices there is no common naming system. Where should he look to try to give the new hires user accounts with proper naming conventions?

Options are :

  • Microsoft best practices
  • The most pertiinent FIPS documentation
  • The company's account policy (Correct)
  • The Sarbanes-Oxley regulation

Answer : The company's account policy

Explanation The company's account policy.Microsoft best practices as well as FIPS might give some good ideas, but there is no law (such as Sarbanes-Oxley) requiring a certian naming convention for user accounts.

Which type of assessment looks at events that could exploit vulnerabilities?

Options are :

  • Risk assessment
  • Threat assessment (Correct)
  • Penetration test
  • Vulnerability assessment

Answer : Threat assessment

Explanation A threat assessment looks at events that could exploit vulnerabilities.A vulnerability assessment looks for weaknesses in systems. A risk assessment is a combination of assessments and is designed to assess factors, including likelihood and impact that affect an asset. A penetration test attempts to exploit actual vulnerabilities found within the systems.

Which of the following desired attributes would make an organization most likely to move to a cloud provider?

Options are :

  • Control
  • Availability (Correct)
  • Accountability
  • Responsibility

Answer : Availability

Explanation Availability is the most likely attribute gained through potential redundancy and continuity of operations planning that?s (hopefully) inherent within the cloud environment. Cloud computing usually increases availability of data for users, since it is typically built on highly available, redundant infrastructures.Accountability and responsibility can be established through effective security controls and well-written service-level agreements. Users lose a large measure of control by moving to the cloud.

Which of the following security controls should be implemented to make sure that users require previous knowledge of the network identifier to join a network?

Options are :

  • Add a VLAN.
  • Use MAC address filtering.
  • Change the transmitting frequencies.
  • Disable SSID broadcasting. (Correct)

Answer : Disable SSID broadcasting.

Explanation Disable Service Set Identifier (SSID) broadcasting if you?re not actively broadcasting your network name. When this control is implemented, a user must know the name of the network before he or she can connect to it.None of these options will control access with regard to the SSID.

Containerization is the process of virtualizing which of the following items?

Options are :

  • Operating system (Correct)
  • Hardware
  • Interface
  • Virtual machine

Answer : Operating system

Explanation Containerization is the process of virtualizing the operating system. Conatiners often use storage segmentation to separate senstitive and personal data.Virtual machines are not virtualized. Traditional virtualization, not containerization, virtualizes hardware; and while it can be argued that both traditional virtualization as well as containerization virtualize a sysytem's interface, that is not the best answer of the choices given.

Which of the following terms indicates the amount of time it takes for a hardware component to recover from failure?

Options are :

  • Mean time between failures
  • Mean time to failure
  • Mean time to replace
  • Mean time to recovery (Correct)

Answer : Mean time to recovery

Explanation Mean time to recovery (MTTR) is the amount of time it takes for a hardware component to recover from failure.Mean time between failures (MTBF) represents the manufacturer?s best guess (based on historical data) regarding how much time will pass between major failures of that component. This is assuming that more than one failure will occur, which means that the component will be repaired, rather than replaced. The mean time to failure (MTTF) is the length of time a device is expected to last in operation. In MTTF, only a single, definitive failure will occur and will require that the device be replaced rather than repaired. Mean time to replace is not a valid term.

Which of the following policy settings enforces the use of longer password lengths and character spaces to increase password strength?

Options are :

  • Maximum password age
  • Password history
  • Minimum password age
  • Password complexity (Correct)

Answer : Password complexity

Explanation Password complexity enforces the use of longer password lengths and character spaces to increase password strength.Password history records previous passwords so they cannot be reused in the system. The maximum password age is used to expire a password after a certain time period. The minimum password age setting is used to force users to use a password for a minimum amount of time before they are allowed to change it. This prevents them from rapidly cycling through the password history in order to reuse an older password.

The United States Department of Defense uses a specific form of personal identification verificatication (PIV) card called?

Options are :

  • HOTP card
  • CAC card (Correct)
  • RSA card
  • PAC card

Answer : CAC card

Explanation CAC (common access control) card. RSA is a popular asymetric encryption. HOTP (HMAC-based one-time password) is an algorithm used to generate one-time passwords and a physical access control (PAC) describes the mechanisms for admitting and denying user access to your space.

Which of the following methods involves sending individual characters of the key through an algorithm and using a mathematical XOR function to change the output?

Options are :

  • Key stretching
  • Key streaming (Correct)
  • Key exchange
  • Key repetition

Answer : Key streaming

Explanation Key streaming involves sending individual characters of the key through an algorithm and using a mathematical XOR function to change the output.Key repetition is not a valid answer or term. Key exchange involves generating and exchanging an asymmetric key used for a particular communications session, or exchanging public keys in order to use them for public key cryptography. Key stretching is a technique used to change a weak key to a stronger key by feeding it into an algorithm to produce an enhanced key.

During which type of assessment would penetration testers not have any knowledge about the network, while defenders are aware of their presence? (Choose two.)

Options are :

  • Double-blind test
  • Black box test (Correct)
  • Blind test (Correct)
  • Unlimited test
  • Gray box test

Answer : Black box test Blind test

Explanation In a black box test, the testers have no knowledge of details about the network configuration, but system defenders are aware of their presence. This type of test is also referred to as a blind test.In a double-blind test, testers have no prior knowledge of the network they are testing, and network defenders also have no knowledge of the test and aren't aware of any attacks unless they can detect and defend against them. This test is designed to test the defenders' abilities to detect and respond to attacks, as much is it is to test and exploit vulnerabilities on the network. In a gray box test, the penetration tester may have some limited knowledge of the network or systems, gained from the organization that wants the test. Unlimited test is not a real test in the Security+ arena.

Which of the following are used to back up files that have changed since the last full backup of a virtual machine? (Choose two.)

Options are :

  • Differential backup (Correct)
  • Incremental backup (Correct)
  • Snapshot
  • System state backup

Answer : Differential backup Incremental backup

Explanation Differential and incremental backups apply to entire systems and are used to back up files that have changed since the last full backup.A snapshot is a quick backup of critical configuration files, used by the hypervisor to restore the virtual machine back to its point-in-time status should it become unstable or suffer other issues. The system state backup is a Microsoft Windows type of backup that backs up critical files used by the operating system to restore the system in the event of a system crash or other issue.

Which is the most common public-private key generation algorithm used in public key cryptography?

Options are :

  • AES
  • ECDH
  • SHA-2
  • RSA (Correct)

Answer : RSA

Explanation RSA (Rivest-Shamir-Adleman) is the most common public-private key generation algorithm used in public key cryptography. It is used to generate a public and private key pair.Elliptic Curve Diffie-Hellman (ECDH) is a key exchange protocol used in public key cryptography. It is used to negotiate, agree upon, and establish a secure session between two parties. AES is the Advanced Encryption Standard, which is not used in public key cryptography; it is a symmetric key cryptography algorithm. SHA-2 is the second iteration of the Secure Hashing Algorithm and is used to generate message digests for plaintext. It is not used in public key cryptography to exchange keys or establish secure sessions.

Which of the following terms describes someone who hacks into systems, with permission of the system?s owner, to discover exploitable vulnerabilities and help secure the system?

Options are :

  • Black hat hacker
  • Black box tester
  • Gray hat hacker
  • White hat hacker (Correct)

Answer : White hat hacker

Explanation White hat hackers use their skills to assist in securing systems. They are usually penetration testing professionals or ethical hackers.A gray hat hacker uses his or her skills for both good and evil purposes. A black box tester tests a system without any prior knowledge of the network or infrastructure. A black hat hacker uses his or her skills for malicious purposes.

What type of evidence is generally in the form of charts, graphs, or drawings to help non-technical people?

Options are :

  • Exculpatory evidence
  • Demonstrative evidence (Correct)
  • Inculpatory evidence
  • Documentary evidence

Answer : Demonstrative evidence

Explanation Demonstrative evidence, which can be in the form of charts, graphs, drawings, and so forth, is used to help non-technical people, such as the members of a jury, understand an event.Exculpatory evidence proves innocence. Inculpatory evidence proves guilt. Documentary evidence directly supports or proves a definitive assertion.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions