0%
Created by agyenbons

Sec+ Practice Domain1

1 / 25

Category: Sec+ Domain 1

212.      Rick runs WPScan against a potentially vulnerable WordPress installation. WPScan is a web application security scanner designed specifically for WordPress sites. As part of the scan results, he notices the following entry: What should Rick do after remediating this vulnerability?

2 / 25

Category: Sec+ Domain 1

207.      There are seven impact categories that you need to know for the Security+ exam. Which of the following is not one of them?

3 / 25

Category: Sec+ Domain 1

203.      SourceForge and GitHub are both examples of what type of threat intelligence source?

4 / 25

Category: Sec+ Domain 1

201.      Security orchestration, automation, and response (SOAR) tools have three major compo- nents. Which of the following is not one of those components?

5 / 25

Category: Sec+ Domain 1

199.      Where does the information for predictive analysis for threat intelligence come from?

6 / 25

Category: Sec+ Domain 1

180.      Fred discovers that the lighting and utility control systems for his company have been over- whelmed by traffic sent to them from hundreds of external network hosts. This has resulted in the lights and utility system management systems not receiving appropriate reporting, and the endpoint devices cannot receive commands. What type of attack is this?

7 / 25

Category: Sec+ Domain 1

168.      What term describes the use of airplanes or drones to gather network or other information as part of a penetration test or intelligence gathering operation?

8 / 25

Category: Sec+ Domain 1

162.      A penetration tester called a help desk staff member at the company that Charles works at and claimed to be a senior executive who needed her password changed immediately due to an important meeting they needed to conduct that would start in a few minutes. The staff member changed the executive’s password to a password that the penetration tester provided. What social engineering principle did the penetration tester leverage to accomplish this attack?

9 / 25

Category: Sec+ Domain 1

150.      Christina runs a vulnerability scan of a customer network and discovers that a consumer wireless router on the network returns a result reporting default login credentials. What common configuration issue has she encountered?

10 / 25

Category: Sec+ Domain 1

125.      You are a security administrator for Acme Corporation. You have discovered malware on some of your company’s machines. This malware seems to intercept calls from the web browser to libraries, and then manipulates the browser calls. What type of attack is this?

11 / 25

Category: Sec+ Domain 1

103.      Which of the following is an attack that seeks to attack a website, based on the website’s trust of an authenticated user?

12 / 25

Category: Sec+ Domain 1

98.          You have discovered that there are entries in your network’s domain name server that point legitimate domains to unknown and potentially harmful IP addresses. What best describes this type of attack?

13 / 25

Category: Sec+ Domain 1

95.      Which of the following best describes a zero-day vulnerability?

14 / 25

Category: Sec+ Domain 1

84.      Juan is responsible for incident response at a large financial institution. He discovers that the company Wi-Fi has been breached. The attacker used the same login credentials that ship with the wireless access point (WAP). The attacker was able to use those credentials to access the WAP administrative console and make changes. Which of the following best describes what caused this vulnerability to exist?

15 / 25

Category: Sec+ Domain 1

80.      Steve discovers the following code on a system. What language is it written in, and what does it do? 1.import socket as skt,2.for port in range (1,9999): try: sc=skt.socket(askt.AF_INET,skt.SOCK_STREAM) sc.settimeout(900) sc.connect(('127.0.0.1,port))3.print '%d:OPEN' % (port) sc.close, except: continue

16 / 25

Category: Sec+ Domain 1

78.      Gerald is a network administrator for a small financial services company. Users are reporting odd behavior that appears to be caused by a virus on their machines. After isolating the machines that he believes are infected, Gerald analyzes them. He finds that all the infected machines received an email purporting to be from accounting, with an Excel spreadsheet, and the users opened the spreadsheet. What is the most likely issue on these machines?

17 / 25

Category: Sec+ Domain 1

51.      The company that Scott works for has experienced a data breach, and the personal information of thousands of customers has been exposed. Which of the following impact categories is not a concern as described in this scenario?

18 / 25

Category: Sec+ Domain 1

47.      Louis is investigating a malware incident on one of the computers on his network. He has discovered unknown software that seems to be opening a port, allowing someone to remotely connect to the computer. This software seems to have been installed at the same time as a small shareware application. Which of the following best describes this malware?

19 / 25

Category: Sec+ Domain 1

45.      Dennis uses an on-path attack to cause a system to send HTTPS traffic to his system and then forwards it to the actual server the traffic is intended for. What type of password attack can he conduct with the data he gathers if he captures all the traffic from a login form?

20 / 25

Category: Sec+ Domain 1

35.      Which of the following capabilities is not a key part of a SOAR (security orchestration, auto- mation, and response) tool?

21 / 25

Category: Sec+ Domain 1

33.      You work for a security company that performs penetration testing for clients. You are con- ducting a test of an e-commerce company. You discover that after compromising the web server, you can use the web server to launch a second attack into the company’s internal net- work. What best describes this?

22 / 25

Category: Sec+ Domain 1

28.      Selah includes a question in her procurement request-for-proposal process that asks how long the vendor has been in business and how many existing clients the vendor has. What common issue is this practice intended to help prevent?

23 / 25

Category: Sec+ Domain 1

16.      What type of security team establishes the rules of engagement for a cybersecurity exercise?

24 / 25

Category: Sec+ Domain 1

11.      Teresa is the security manager for a mid-sized insurance company. She receives a call from law enforcement, telling her that some computers on her network participated in a massive denial-of-service (DoS) attack. Teresa is certain that none of the employees at her company would be involved in a cybercrime. What would best explain this scenario?

25 / 25

Category: Sec+ Domain 1

5.          Frank is deeply concerned about attacks to his company’s e-commerce server. He is particu- larly worried about cross-site scripting and SQL injection. Which of the following would best defend against these two specific attacks?

Leave a Comment

Your email address will not be published. Required fields are marked *