Comptia Security+ Exam 6

Quiz Summary

0 of 16 Questions completed

Questions:

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading…

You must sign in or sign up to start the quiz.

You must first complete the following:

Results

Quiz complete. Results are being recorded.

Results

0 of 16 Questions answered correctly

Your time:

You have reached 0 of 0 point(s), (0)

Average score
Your score

Current
Review / Skip
Answered
Correct
Incorrect

Question 1 of 16

1. Question
An organization is taking steps to protect sensitive information by utilizing anonymization techniques throughout its lifecycle. What particular phase of the information lifecycle does this strategy most directly address?
- Archival/detention
- Storage
- Processing
- Collection
Correct

Incorrect
Question 2 of 16

2. Question
Which specific form of malware can embed itself within a host file and consequently spread to other files and systems when the host file is run?
- Worm
- Virus
- Trojan Horse
- Adware
Correct

Incorrect
Question 3 of 16

3. Question
A website allows users to post malicious scripts into discussion board. What type of web-based vulnerability is this?
- SQL injection (SQLi)
- XSRF attack
- Cross-site scripting (XSS)
- Cross Site Request Forgery (CSRF)
Correct

Incorrect
Question 4 of 16

4. Question
What is the primary purpose of a business impact analysis (BIA)?
- To identify and prioritize critical business processes.
- To define recovery time and point objectives (RTO/RPO).
- To assess the financial impact of potential security incidents.
- To document risk management strategies for various threats.
Correct

Incorrect
Question 5 of 16

5. Question
Replication involves copying data to a secondary location for redundancy. Which replication method provides the fastest recovery time objective (RTO)?
- Synchronous replication
- Asynchronous replication
- Snapshot replication
- Journaling
Correct

Incorrect
Question 6 of 16

6. Question
A critical database server experiences a hardware failure. What would ensure continued service availability?
- Fail-open
- Fail-closed
- Fail-over
- journaling
Correct

Incorrect
Question 7 of 16

7. Question
A company is considering using both encryption and tokenization to secure customer credit card information. Is this approach necessary?
- Yes, both methods offer different benefits.
- No, one method is sufficient.
- It depends on specific security requirements.
- Not recommended, it increases complexity.
Correct

Incorrect
Question 8 of 16

8. Question
What is the PRIMARY reason for including security considerations during the hardware and software acquisition process?
- To obtain the best pricing for equipment.
- To ensure compatibility with existing systems.
- To minimize the risk of introducing vulnerabilities.
- To prioritize user-friendliness for employees.
Correct

Incorrect
Question 9 of 16

9. Question
A security team investigates a distributed denial-of-service (DDoS) attack. Which data source would be MOST helpful in identifying the attack source?
- Application logs
- Endpoint logs
- Network logs
- Automated reports
Correct

Incorrect
Question 10 of 16

10. Question
What is the primary purpose of internal compliance reporting?
- To demonstrate compliance to external regulatory bodies.
- To inform internal stakeholders about the security posture of the organization.
- To document security incidents and corrective actions taken.
- To track the effectiveness of security controls implemented.
Correct

Incorrect
Question 11 of 16

11. Question
What are the two primary techniques used in a phishing attack?
- Modifying the hosts file on a PC or exploiting a DNS vulnerability on a trusted DNS server
- Phishing many users and harvesting email addresses from them
- Phishing many users and harvesting many passwords from them
- Spoofing DNS server IP addresses or modifying the hosts file on a PC
Correct

Incorrect
Question 12 of 16

12. Question
Your organization’s website is currently hosted by an ISP. Which specific risk response technique is being employed?
- Risk avoidance
- Risk register
- Risk acceptance
- Risk mitigation
Correct

Incorrect
Question 13 of 16

13. Question
During a forensic analysis, Drew discovered that an attacker intercepted traffic headed to networked printers by modifying the printer drivers. His analysis uncovered that the attacker modified the code of the driver to transmit copies of printed documents to a secure repository. What type of attack took place?
- Refactoring
- Shimming
- Swapping
- Recoding
Correct

Incorrect
Question 14 of 16

14. Question
Amanda is worried about LDAP injection attacks against her directory server. What is NOT a common technique to prevent LDAP injection attacks?
- LDAP query parameterization
- User input validation
- Output filtering rules
- Secure configuration of LDAP
Correct

Incorrect
Question 15 of 16

15. Question
Amanda is focused on implementing port-based authentication to secure her network and is seeking an authentication protocol that is specifically for this purpose. Which authentication protocol best suits her needs?
- 802.1x
- Kerberos
- RADIUS
- TACACS
Correct

Incorrect
Question 16 of 16

16. Question
What is the difference between spear phishing and whaling?
- Spear phishing targets email accounts; whaling is more sophisticated
- Spear phishing attacks are typically more sophisticated; whaling targets individuals or organizations
- Both spear-phishing and whaling target executive officers using email
- Spear phishing targets individuals or organizations, while whaling specifically targets high-profile individuals.
Correct

Incorrect

Comptia Security+ Exam 6

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question