CompTIA Security Plus Mock Test Q1724

A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account. This is an example of which of the following attacks?

A. SQL injection
B. Header manipulation
C. Cross-site scripting
D. Flash cookie exploitation

Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1568

A user contacts the help desk after being unable to log in to a corporate website. The user can log into the site from another computer in the next office, but not from the PC. The user’s PC was able to connect earlier in the day. The help desk has the user restart the NTP service. Afterwards the user is able to log into the website. The MOST likely reason for the initial failure was that the website was configured to use which of the following authentication mechanisms?

A. Secure LDAP
B. RADIUS
C. NTLMv2
D. Kerberos


Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1547

A company is deploying a new video conferencing system to be used by the executive team for board meetings. The security engineer has been asked to choose the strongest available asymmetric cipher to be used for encryption of board papers, and to choose the strongest available stream cipher to be configured for video streaming. Which of the following ciphers should be chosen? (Select two)

A. RSA
B. RC4
C. 3DES
D. HMAC
E. SHA-256

Correct Answer: A,B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1485

A classroom utilizes workstations running virtualization software for a maximum of one virtual machine per workstation. The network settings on the virtual machines are set to bridged. Which of the following describes how the switch in the classroom should be configured to allow for the virtual machines and host workstation to connect to network resources?

A. The maximum-mac settings of the ports should be set to zero
B. The maximum-mac settings of the ports should be set to one
C. The maximum-mac settings of the ports should be set to two
D. The maximum-mac settings of the ports should be set to three

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1446

An application developer needs to allow employees to use their network credentials to access a new application being developed. Which of the following should be configured in the new application to enable this functionality?

A. LDAP
B. ACLs
C. SNMP
D. IPSec

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1293

A network security administrator is trying to determine how an attacker gained access to the corporate wireless network. The network is configured with SSID broadcast disabled. The senior network administrator explains that this configuration setting would only have deterred an unsophisticated attacker because of which of the following?

A. The SSID can be obtained with a wireless packet analyzer
B. The required information can be brute forced over time
C. Disabling the SSID only hides the network from other WAPs
D. The network name could be obtained through a social engineering campaign

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1261

Company policy requires employees to change their passwords every 60 days. The security manager has verified all systems are configured to expire passwords after 60 days. Despite the policy and technical configuration, weekly password audits suggest that some employees have had the same weak passwords in place longer than 60 days. Which of the following password parameters is MOST likely misconfigured?

A. Minimum lifetime
B. Complexity
C. Length
D. Maximum lifetime

Correct Answer: B
Section: Mixed Questions