CompTIA Security Plus Mock Test Q1614

A Chief Executive Officer (CEO) is steering the company towards cloud computing. The CEO is requesting a federated sign-on method to have users sign into the sales application. Which of the following methods will be effective for this purpose?

A. SAML
B. RADIUS
C. Kerberos
D. LDAP


Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1590

A developer needs to utilize AES encryption in an application but requires the speed of encryption and decryption to be as fast as possible. The data that will be secured is not sensitive so speed is valued over encryption complexity. Which of the following would BEST satisfy these requirements?

A. AES with output feedback
B. AES with cipher feedback
C. AES with cipher block chaining
D. AES with counter mode

Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1552

A chief information officer (CIO) is concerned about PII contained in the organization’s various data warehouse platforms. Since not all of the PII transferred to the organization is required for proper operation of the data warehouse application, the CIO requests that the unneeded PII data be parsed and securely discarded. Which of the following controls would be MOST appropriate in this scenario?

A. Execution of PII data identification assessments
B. Implementation of data sanitization routines
C. Encryption of data-at-rest
D. Introduction of education programs and awareness training
E. Creation of policies and procedures

Correct Answer: E
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1471

A security director has contracted an outside testing company to evaluate the security of a newly developed application. None of the parameters or internal workings of the application have been provided to the testing company prior to the start of testing. The testing company will be using:

A. Gray box testing
B. Active control testing
C. White box testing
D. Black box testing

Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1446

An application developer needs to allow employees to use their network credentials to access a new application being developed. Which of the following should be configured in the new application to enable this functionality?

A. LDAP
B. ACLs
C. SNMP
D. IPSec

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1444

A programmer has allocated a 32-bit variable to store the results of an operation between two user-supplied 4-byte operands. To which of the following types of attack is this application susceptible?

A. XML injection
B. Command injection
C. Integer overflow
D. Header manipulation

Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1426

A company used a partner company to develop critical components of an application. Several employees of the partner company have been arrested for cybercrime activities. Which of the following should be done to protect the interest of the company?

A. Perform a penetration test against the application
B. Conduct a source code review of the application
C. Perform a baseline review of the application
D. Scan the application with antivirus and anti-spyware products

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1422

A company’s application is hosted at a data center. The data center provides security controls for the infrastructure. The data center provides a report identifying several vulnerabilities regarding out-of-date OS patches. The company recommends the data center assumes the risk associated with the OS vulnerabilities. Which of the following concepts is being implemented?

A. Risk Transference
B. Risk Acceptance
C. Risk Avoidance
D. Risk Deterrence

Correct Answer: A
Section: Mixed Questions