JK0-018 - CompTIA Security+ Certification Exam
Go back to CompTIA
A company notices that there is a flaw in one of their proprietary programs that the company runs in-house. The flaw could cause damage to the HVAC system. Which of the following would the company transfer to an insurance company?
Jane, an administrator, hears reports of circles being drawn in the parking lot. Because the symbols fall within range of the company's wireless AP, the MOST likely concern is:
that someone has used war chalking to help others access the company'snetwork
Pete, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to?
Which of the following is characterized by Matt, an attacker, attempting to leave identification markings for open wireless access points?
While conducting a network audit, Sara, a security administrator, discovers that most clients are routing their network traffic through a desktop client instead of the company router. Which of the following is this attack type?
Which of the following can Matt, an administrator, use to ensure the confidentiality of a file when it is being sent over FTP?
Which of the following describes how Sara, an attacker, can send unwanted advertisements to a mobile device?
A business has paper forms on hand in the event of a credit processing system failure. This is an example of which of the following?
Continuity of operations
Sara, a security administrator, implemented design changes which allowed for greater availability of IP addresses. Which of the following did Sara implement?
A computer is put into a restricted VLAN until the computer's virus definitions are up-to-date. Which of the following BEST describes this system type?
Which of the following may cause Jane, the security administrator, to seek an ACL work around?
Zero day exploit
In the event of a mobile device being lost or stolen, which of the following BEST protects against sensitive information leakage?
Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task?
Which of the following would BEST meet a server authentication requirement for a wireless network, but the network has no PKI in place?
Which of the following data center environmental controls must be property configured to prevent equipment failure from water?
Which of the following time periods is a best practice for requiring user awareness training?
Which of the following does Jane, a software developer, need to do after compiling the source code of a program to attest the authorship of the binary?
Use Jane's private key to sign the binary
Which of the following is a valid server-role in a Kerberos authentication system?
Ticket granting server
Social networking sites are used daily by the marketing team for promotional purposes. However, confidential company information, including product pictures and potential partnerships, have been inadvertently exposed to the public by dozens of employees using social networking sites. Which of following is the BEST response to mitigate this threat with minimal company disruption?
Mandate additional security awareness training for all employees.
Which of the following has serious security implications for large organizations and can potentially allow an attacker to capture conversations?
In regards to secure coding practices, why is input validation important?
It mitigates buffer overflow attacks.
Which of the following incident response procedures BEST allows Sara, the security technician, to identify who had possession of a hard drive prior to forensics analysis?
Chain of custody
Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company?
Which of the following concepts defines the requirement for data availability?
Disaster recovery planning
A certificate authority takes which of the following actions in PKI?
Issues and signs all root certificates
Which of the following is a difference between TFTP and FTP?
TFTP utilizes UDP and FTP uses TCP.
Pete, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete?
A datacenter has two rows of racks which are facing the same direction. Sara, a consultant, recommends the racks be faced away from each other. This is an example of which of the following environmental concepts?
Hot and cool aisles
Which of the following elements makes up the standard equation used to define risk? (Select TWO).
Which of the following is a technical preventive control?
A company that trains their users to lock the doors behind them is MOST likely trying to prevent:
Mike, a server engineer, has received four new servers and must place them in a rack in the datacenter. Which of the following is considered best practice?
All servers' air intake toward the cold aisle.
Sara, a user, needs to copy a file from a Linux workstation to a Linux server using the MOST secure file transfer method available. Which of the following protocols would she use?
Ticket-Granting-Tickets (TGTs) are common in which of the following authentication schemes?
Matt, a user, finds a flash drive in the parking lot and decides to see what is on it by using his company laptop. A few days later Matt reports his laptop is running slow and is unable to perform simple tasks. The security administrator notices several unauthorized applications have been installed. CPU usage is unusually high, and a collection of screenshots of Matt's recent activity has been transmitted over the network .This is an example of which of the following?
A company is experiencing an extraordinary amount of web traffic that is crippling the server. The web traffic suddenly stops. The mail server experiences the same amount of traffic as before then crashes. Which of the following attacks would this BEST describe?
Which of the following uses both a public and private key?
Pete, a security administrator, would like to implement laptop encryption to protect data. The Chief Executive Officer (CEO) believes this will be too costly to implement and decides the company will purchase an insurance policy instead. Which of the following is this an example of?
Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools?
Capture system image
A company needs to remove sensitive data from hard drives in leased computers before the computers are returned to the supplier. Which of the following is the BEST solution?
Sanitization using appropriate software
Sara, an administrator, is hardening email application communication to improve security. Which of the following could be performed?
Require TLS when using SMTP
Which of the following allows multiple internal IP addresses to be mapped to one specific external IP address?
Biometrics includes the use of which of the following authentication methods?
Jane has a vendors server in-house for shipping and receiving. She wants to ensure that if the server goes down that the server in-house will be operational again within 24 hours. Which of the following should Jane define with the vendor?
Mean time to restore
Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause?
The system is virtualized
Which of the following would be the BEST choice for attacking a complex password hash?
How often, at a MINIMUM, should Sara, an administrator, review the accesses and right of the users on her system?
Which of the following network design elements will allow Jane, a security technician, to access internal company resources without the use of a DS3, Satellite, or T1 connection?
Matt, a network engineer, is setting up an IPSec VPN. Which network-layer key management standard and its protocol can be used to negotiate the connection?
Which of the following BEST describes a protective countermeasure for SQL injection?
Validating user input in web applications