JK0-015 - CompTIA E2C/Security+ Certification Exam
Go back to CompTIA
Which of the following processes describes identity proofing?
Identification and authentication
Which of the following describes the direction a signal will emanate from if a Yagi antenna is placed parallel to the floor?
Side to side, parallel with the floor
A user receives an unsolicited email to change their online banking password. After clicking on the link contained in the email the user enters their banking credentials and changes their password. Days later, when checking their account balance they notice multiple money transfers to other accounts. Which of the following BEST describes the type of attack?
Which of the following is the MOST common way to allow a security administrator to securely administer remote *NIX based systems?
After a disaster, a security administrator is helping to execute the company disaster recovery plan. Which of the following security services should be restored FIRST?
Auditing and logging of transactions.
A user reports that their 802.11n capable interface connects and disconnects frequently to an access point that was recently installed. The user has a Bluetooth enabled laptop. A company in the next building had their wireless network breached last month. Which of the following is MOST likely causing the disconnections?
The new access point was mis-configured and is interfering with another nearby access point.
Which of the following is made possible by some commercial virtualization hosting applications?
Automatic transfer of applications when hardware fails
A security administrator has received an SD memory card for the purpose of forensic analysis. The memory card is left on the administrator's office desk at the end of the day. The next day the security guard returns the SD card to the administrator because it was found by the night janitor. Which of the following incident response procedures has been violated?
Chain of custody
Which of the following describes a semi-operational site that in the event of a disaster, IT operations can be migrated?
A user reports that they are seeing ads appear for sites that are not safe for work while they are reading blogs. Which of the following would be the BEST way to solve this issue?
Install and configure a pop-up blocker on the workstation.
A technician wants to implement a change across the production domain. Which of the following techniques should the technician perform?
Deploy a group policy.
A disaster recovery exercise should include which of the following action types?
Testing server restoration
Which of the following is the BEST mitigation method to implement when protecting against a discovered OS exploit?
Upon opening the browser, a guest user is redirected to the company portal and asked to agree to the acceptable use policy. Which of the following is MOST likely causing this to appear?
Which of the following tools is MOST commonly used to assess a system's network for a security audit?
Which of the following security applications is used to mitigate malware?
Which of the following uses both private and public key algorithms for email encryption and decryption?
When used to encrypt transmissions, which of the following is the MOST resistant to brute force attacks?
Which of the following provides EMI protection?
Anti-static wrist straps
Which of the following assessments is directed towards exploiting successive vulnerabilities to bypass security controls?
A new product is being evaluated by the security team. Which of the following would take financial and business impacts into consideration if this product was likely to be purchased for large scale use?
Which of the following ports is susceptible to DNS poisoning?
The network administrator has determined that a large number of corporate workstations on the network are connecting to an IRC server on the Internet, and these same workstations are executing DDOS attacks on remote systems. Which of the following terms BEST describes this situation?
The administrator needs to require all users to use complex passwords. Which of the following would be the BEST way to do this?
Set a domain password policy
A penetration tester is attempting to run a brute-force attack to discover network passwords. Which of the following tools would be BEST suited to this task?
John the Ripper
Which of the following BEST secures ingress and egress points in a data center?
Which of the following is BEST suited to determine which services are running on a remote host?
Which of the following can cause hardware based drive encryption to see slower deployment?
USB removable drive encryption
Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?
Which of the following is part of the patch management process?
Documenting the security assessment and decision.
Employees are allowed access to webmail while on the company network. The employees use this ability to upload attachments and send email from their corporate accounts to their webmail. Which of the following would BEST mitigate this risk?
Data Leak Prevention
Which of the following are BEST practices in regards to backup media? (Select TWO).
Label the media.
Store backup's offsite.
The president of the company is trying to get to their bank's website, and the browser is displaying that the webpage is being blocked by the system administrator. Which of the following logs would the technician review?
An attacker uses an account that allows read-only access to the firewall for checking logs and configuration files to gain access to an account that gives full control over firewall configuration. This type of attack is BEST known as:
A NIDS monitoring traffic on the public-side of a firewall provides which of the following?
Intelligence about external threats
Management wants a security assessment conducted on their network. The assessment must be conducted during normal business hours without impacting users. Which of the following would BEST facilitate this?
A vulnerability scan
A recent risk assessment has identified vulnerabilities on a production server. The technician realizes it was recently re-imaged after a component failed on it. Which of the following is the FIRST item to assess when attempting to mitigate the risk?
If all current service packs and hotfixes were re-applied
Which of the following is an example of data obfuscation within a data stream?
Which of the following is the BEST example of a technical security policy?
Installing electronic locks on the door to the server room that only allow access to a person swiping an administrators smartcard.
Which of the following technologies address key management?
The security administrator wants to know if a new device has any known issues with its available applications. Which of the following would be BEST suited to accomplishing this task?
Which of the following BEST describes why USB storage devices present a security risk to the confidentiality of data?
High volume and transfer speeds combined with ease of concealment.
Which of the following is the BEST way for an attacker to conceal their identity?
Which of the following is the BEST reason why a security administrator should periodically get a list of current employees and positions from the Human Resource department?
To ensure all users have the appropriate access
A user reports that their system is slow and reboots on its own. The technician is unable to remotely control the computer and realizes that they no longer have administrative rights to that workstation. Which of the following is MOST likely the cause?
Which of the following tools will allow a technician to detect devices and associated IP addresses on the network?
Network mapping software
Which of the following is the BEST mitigation against DoS attacks?
Distributed, redundant datacenters with IPS
Which of the following has a primary goal of hiding its processes to avoid detection?
To ensure users are logging into their systems using a least privilege method, which of the following should be done?
Create a user account without administrator privileges.
Which of the following is another name for a malicious attacker?