CompTIA Questions

Do you want to help Professor JROD with his research?
Click here
https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eJ4L1Fcj5w9jBc


Join Technology Tap Premium, and you can be eligible to win one voucher for either CompTIA A+ (1101 or 1102), Network Plus, or Security Plus. We will hold a raffle on June 1st, August 1st, October 1st, and December 1st.
To qualify for a free voucher, you must be a Technology Tap Premium subscriber for at least three months. 

Only one voucher winner per household. 
Only one voucher per raffle date.

https://www.buzzsprout.com/1473469/subscribe

Let's ask Questions

CompTIA questions are critical thinking questions. You have to actually read the question.

Question 1

A security analyst is reviewing application logs to determine the source of a breach and locates the following log:

https://www.comptia.com/login.php?id='%20or%20'1'1='1

Which of the following has been observed?
A. DLL Injection
B. API attack
C. SQLi
D. XSS

Question 2

A security manager has tasked the security operations center with locating all web servers that respond to an unsecured protocol. Which of the following commands could an analyst run to find the requested servers?
A. nslookup 10.10.10.0
B. nmap -p 80 10.10.10.0/24
C. pathping 10.10.10.0 -p 80
D. nc -l -p 80

Question 3

The Chief Compliance Officer from a bank has approved a background check policy for all new hires. Which of the following is the policy MOST likely protecting against?
A. Preventing any current employees' siblings from working at the bank to prevent nepotism
B. Hiring an employee who has been convicted of theft to adhere to industry compliance
C. Filtering applicants who have added false information to resumes so they appear better qualified
D. Ensuring no new hires have worked at other banks that may be trying to steal customer information

Question 4

An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five-year cost of the insurance policy. The organization is enabling risk:

A. avoidance.

B. acceptance.

C. mitigation.

D. transference.

Question 5

The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?

A. Lessons learned

B. Preparation

C. Detection

D. Containment

E. Root cause analysis

Question 6

Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?

A. DLP
B. NIDS
C. TPM
D. FDE

Question 7

Several attempts have been made to pick the door lock of a secure facility. As a result, the security engineer has been assigned to implement a stronger preventative access control. Which of the following would BEST complete the engineer's assignment?

A. Replacing the traditional key with an RFID key
B. Installing and monitoring a camera facing the door
C. Setting motion-sensing lights to illuminate the door on activity
D. Surrounding the property with fencing and gates

Question 8

Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?

A. Hashing
B. Tokenization
C. Masking
D. Encryption

Question 9

A user enters a username and a password at the login screen for a web portal. A few seconds later the following message appears on the screen:

Please use a combination of numbers, special characters, and letters in the password field. 

Which of the following concepts does this message describe?

A. Password complexity
B. Password reuse
C. Password history
D. Password age

Question 10

Which of the following is a reason to publish files' hashes?

A. To validate the integrity of the files
B. To verify if the software was digitally signed
C. To use the hash as a software activation key
D. To use the hash as a decryption passphrase

Question 11

A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company consult?

A. GDPR
B. ISO
C. NIST
D. PCI DSS
