Mock Exams | Ian Neil’s Security+ Study Materials

Mock Exam 1

1 / 50

A company is developing an application for a multinational organization and needs to ensure that, when an application is written and put together, any conflicts are easily identifiable at an early stage. They will use six software developers, all working together to speed up the delivery of the application. They are going to use an automated process to carry out the validation of the code. Which of the following processes will be adopted?

a. Continuous integration

b. Continuous monitoring

c. Continuous development

d. Continuous delivery

2 / 50

The Cyber Security Incident Response Team (CSIRT) interviewed the chief executive officer, who had been subjected to a remote access Trojan attack. The team asked the chief executive officer to list websites that he had visited and software he had downloaded. He said that none of the websites asked him to download software. He had visited 10 different websites, mostly to search for a holiday, and he also visited a university website for a management course. The CSIRT said that the last time he visited the university website he was watching online videos. He said that he was asked to update his Adobe software to watch the video as it said his version was outdated. Which of the following best describes the attack type of the first attack he suffered?

a. Cross-site request forgery

b. Trojan

c. Banner grabbing

d. Buffer overflow

e. SQL injection

f. Cross-site scripting

g. Watering hole attack

3 / 50

A cybersecurity administrator was notified by the SOAR system that an attack has occurred on two web servers that the company owns.

In a log on web server 1, he notices the following entry:
http://some_site.com.br/get-files?file=/etc/passwd

In a log on web server 2, he notices the following entry:
http://some_site.com.br/../../../../etc/shadow

What type of attack has been carried out on both web servers?

a. Directory traversal

b. SQL injection

c. CSRF

d. XSS

4 / 50

A user has informed the cybersecurity administrator that she received the following message from Dropbox. What technology is Dropbox utilizing to inform the user?

a. Risky logins

b. CASB

c. Security event – login failure

d. Impossible time travel

5 / 50

Which of the following data roles is responsible for ensuring the data is protected and kept confidential and that the company is compliant?

a. Data custodian

b. Data protection officer

c. Data steward

d. Data owner

6 / 50

A Britain-based contractor has been working on an infrastructure contract in Dubai for the past month. Due to the strict regulations in Dubai, he has been using a VPN to watch UK sports channels in his hotel room. Today, he went to the local cashpoint to withdraw some local currency so that he could purchase some goods at the local supermarket. About 1 hour later, when he was back in his hotel room, he started his VPN with London as his location so that he could participate in the lottery as there was a £139,000,000 jackpot. He cannot purchase tickets if he is outside of the UK. He tried to purchase four tickets by selecting five numbers from 1 to 59 and two bonus numbers, but when payment was due, he got an error that the transaction had been declined. Which of the following is the MOST LIKELY reason that the bank refused the transaction?

a. The lottery refused the ticket purchase as he is deemed outside of the UK.

b. He had no money in his bank account as he spent all of it at the local market.

c. The bank blocked the transaction due to risky logins.

d. The bank blocked the transaction due to impossible time travel.

e. He had broken PCI DSS regulations.

f. The hotel had a DLP solution that prevented the transmission of credit card patterns.

7 / 50

Why has the chief information officer written a policy so that the company will remove the current SATA drives and replace them with OPAL-compliant Self-Encrypting Drives (SEDs)? (Select all that apply.)

a. Only the user and the vendor can decrypt the data.

b. SEDs use software-based encryption and are therefore more secure.

c. SEDs are designed to protect data in transit.

d. SEDs use hardware-based encryption and are therefore more secure as they are less vulnerable to FDE as it runs under an operating system.

e. The keys are stored on the drive itself, making them more secure.

8 / 50

A market trader has decided that he will move his business into a new shopping mall about 600 meters down the road. He will now install an air conditioning system along with a point-of-sale system that can take cash and card payments. Which of the following mandatory regulations must the market trader be compliant with for card payments?

a. ISO 27001

b. ISO 27701

c. Sarbanes-Oxley

d. PCI DSS

9 / 50

Which of the following deals with cybersecurity frameworks?

a. ISO 27701

b. ISO 27001

c. ISO 28001

d. ISO 27101

10 / 50

When the company sales representatives come into the office, why should they report to the IT department prior to connecting their laptops onto the network? Select the best answer option.

a. So that their VPN connections can be checked for compliance

b. To ensure that their devices are fully patched

c. So that their laptops can be connected to a dirty computer to scan for malware

d. So that the IT team can update them about any policy changes

11 / 50

An accounts administrator wishes to purchase a new biometric system. Which of the following would be the best choice to make?

a. Low CER

b. High CER

c. Low FRR

d. Low FAR

12 / 50

Which of the following data roles is responsible for investigating data breaches?

a. Security administrator

b. Data protection officer

c. Data custodian

d. Data controller

13 / 50

An internal auditor needs to ensure that all data has been labeled properly and that it is easily identifiable and of high quality. Who is the person that the auditor has come to visit?

a. Data controller

b. Data custodian

c. Data steward

d. Security administrator

14 / 50

Which of the following is the MAIN reason for carrying out an automated process called continuous monitoring?

a. Fit for purpose

b. Manages the release of code to the production environment

c. Bug fixing

d. Logging failures so that they can be remedied

15 / 50

A cybersecurity administrator noticed the following events in the security log:

0901: Event ID 1053 User: Smith John Logon Failure account does not exist
0902: Event ID 1053 User: SmithJ Logon Failure account does not exist
0903: Event ID 1053 User: John Smith Logon Failure account does not exist
0904: Event ID 1053 User: J.Smith Logon Failure account does not exist
0905: Event ID 4625 John.Smith Logon Failure
0906: Event ID 4625 John.Smith Logon Failure
0907: Event ID 4625 John.Smith Account lockout

a. Standard naming convention

b. Brute-force attacks

c. Dictionary attack

d. Password spraying

16 / 50

You are the Active Directory administrator, and you note that six people have had three password resets this week. You run a PowerShell command that reveals the following:

Name last bad password attempt badpwdcount
Fred Flinders 20/5/21 09:07:25 AM 10
Scott Wilson 20/5/21 09:07:25 AM 10
Marie West 20/5/21 09:07:39 AM 10
Holly England 20/5/21 09:07:39 AM 10
Oscar Brown 20/5/21 09:07:44 AM 10
Eric Slazenger 20/5/21 09:07:44 AM 10

a. Password spraying

b. Credential harvesting

c. Dictionary attack

d. Brute-force attack

17 / 50

You are the cybersecurity administrator for a multinational company that has 10,000 users. There have recently been security breaches at the London office, which houses 350 users. All your computers are using a standard naming convention with a prefix of LON then the computer environment. Your company uses a CYOD environment and, when you check the security logs, you notice the following:

Device: IPAD Account Name: Christopher Smith Account Successful.

The cybersecurity team interviewed vice president Christopher Smith, who says that he played games on his tablet during lunchtime and that he apologizes for any inconvenience caused. The security team advised him to read the AUP relating to computer hardware. What type of threat actor had Christopher Smith become?

a. Shadow IT

b. Nation-state

c. Insider threat

d. Hacktivist

18 / 50

You are a cybersecurity administrator for a large multinational corporation, and you recently have been subjected to password attacks. You check the security log of the domain controller and observe the following:

user abc/George.scott attempted login with the password zaire
user abc/George.scott attempted login with the password zaire
user abc/john.long attempted login with the password zairean
user abc/chris.rogers attempted login with the password zairesen
user abc/ian.thompson attempted login with the password zahat
user abc/rupert.bear attempted login with the password zaman
user abc/ian.thompson attempted login with the password zahat
user abc/rupert.bear attempted login with the password zaman

What type of attack is this and what is the BEST way to prevent this attack from happening again? (Choose TWO answers.)

a. Dictionary attack

b. Brute-force attacks

c. Multifactor authentication

d. Password spraying

e. Credential harvesting

f. Complex passwords

19 / 50

A directory services administrator found that five users had their accounts locked out while they were at lunch. He pulled the security log files for the top 15 entries from the log file. He then analyzed the entries. These are shown here:

user abc/George.scott attempted login with the password password123
user abc/john.long attempted login with the password password123
user abc/chris.rogers attempted login with the password password123
user abc/ian.thompson attempted login with the password password123
user abc/rupert.bear attempted login with the password password123
user abc/George.scott attempted login with the password changeme
user abc/john.long attempted login with the password changeme
user abc/chris.rogers attempted login with the password changeme
user abc/ian.thompson attempted login with the password changeme
user abc/rupert.bear attempted login with the password changeme
user abc/George.scott attempted login with the password letmein
user abc/john.long attempted login with the password letmein
user abc/chris.rogers attempted login with the password letmein
user abc/ian.thompson attempted login with the password letmein
user abc/rupert.bear attempted login with the password letmein

What type of attack BEST describes what happened AND how did he manage to get the top 15 entries from the log file? (Select TWO responses.)

a. tail

b. Password spraying

c. Brute-force attacks

d. Logger

e. syslog

f. head

g. Dictionary

20 / 50

An internal auditor needs to ensure that all classified data has been stored in a secure manner and that copies are made and placed in a second network location that is encrypted. Who is the person that the auditor has come to visit?

a. Data custodian

b. Data owner

c. Data controller

d. Data steward

21 / 50

An auditor has come to a company to carry out a BIA audit to see how much impact there would be should the company suffer a disaster. The auditor noticed that there was only one SQL database. The auditor has recommended to the board of directors that the SQL database should be clustered. Which of the following BEST describes why the auditor has made this recommendation?

a. The SQL database has been identified as a single point of failure.

b. By setting up clustering, the SQL database traffic will be encrypted.

c. All databases should be clustered to improve their performance.

d. The SQL database is a mission-critical system.

22 / 50

Which of the following automated scripting concepts pushes new updates into the production environment?

a. Continuous deployment

b. Continuous integration

c. Continuous delivery

d. Continuous validation

23 / 50

Which of the following data roles is responsible for investigating data breaches?

a. Data controller

b. Security administrator

c. Data steward

d. Data owner

24 / 50

Which of the following RAID configurations has fast-read access, dual parity, and could lose two disks?

a. RAID 0

b. RAID 1

c. RAID 6

d. RAID 5

25 / 50

Employees in a multinational company have complained that it takes quite a while to connect to the guest Wi-Fi at the company's canteen. They have also complained that they cannot connect to the intranet so that they can submit their expense sheets. The network team looks at the log file on the WAP and finds that they may have suffered a wireless disassociation attack. Then, they monitor the network traffic and notice the following output:

No Time Source Destination Protocol Length Information
1001 12:01:23 host2324 Broadcast 802.11 39 Deauthentication, SN=655
1002 12:01:53 host2324 Broadcast 802.11 39 Deauthentication, SN=655
1003 12:02:26 host2324 Broadcast 802.11 39 Deauthentication, SN=655
1004 12.02.50 host2324 Broadcast 802.11 39 Connection, SN=12345

Which of the following BEST describes what the network team discovered?

a. A wireless jamming attack is in progress.

b. An evil twin has been discovered.

c. MAC filtering has been set up on the WAP.

d. ARP poisoning has been discovered.

26 / 50

A company has suffered many attacks over the last 3 months from software being brought into the company and would like to prevent this from reoccurring by introducing the following criteria:

Kali Linux must not be installed on any computer.
Office 2019 may be installed.
PUP software must not be installed on any computer.

Which of the following would BEST meet these criteria? (Choose TWO answers.)

a. Place Office on the whitelist and make an exception to block Kali Linux.

b. Place Office on the whitelist.

c. Place PUP on the blacklist.

d. Place Office on the blacklist and make an exception to block Kali Linux.

e. Place Kali Linux on the blacklist.

27 / 50

An auditor is planning to deliver a meeting to the board of directors dealing with disaster and business continuity. Which of the following orders is the BEST for the presentation?

a. BIA – Disaster Recovery Plans – Disaster – Business Continuity

b. Disaster Recovery Plans – Disaster – BIA – Business Continuity

c. Disaster Recovery Plans – Disaster – Business Continuity – BIA

d. BIA – Disaster – Disaster Recovery Plans – Business Continuity

28 / 50

Which of the following does ISO 27001 deal with?

a. Classified data

b. Risk management guidelines

c. Personal data and privacy

d. Security techniques for information security management systems

29 / 50

A cybersecurity analyst noticed that his SOAR system was sending alerts four times a day. When he looked at the log files, he noticed the following entries:

20/5/21 09:07:25 AM Audit: Failures abc\user 1 unknown username or bad password
20/5/21 09:07:26 AM Audit: Failures abc\user 1 unknown username or bad password
20/5/21 09:07:27 AM Audit: Failures abc\user 1 unknown username or bad password
20/5/21 09:07:28 AM Audit: Failures abc\user 1 Lockout
20/5/21 09:08:13 AM Audit: Failures abc\user 2 unknown username or bad password
20/5/21 09:08:14 AM Audit: Failures abc\user 2 unknown username or bad password
20/5/21 09:08:15 AM Audit: Failures abc\user 2 unknown username or bad password
20/5/21 09:08:16 AM Audit: Failures abc\user 2 Lockout
20/5/21 09:09:46 AM Audit: Failures abc\user 3 unknown username or bad password
20/5/21 09:09:47 AM Audit: Failures abc\user 3 unknown username or bad password
20/5/21 09:09:48 AM Audit: Failures abc\user 3 unknown username or bad password
20/5/21 09:09:49 AM Audit: Failures abc\user 3 Lockout
20/5/21 09:09:46 AM Audit: Failures abc\user 4 unknown username or bad password
20/5/21 09:09:46 AM Audit: Failures abc\user 4 unknown username or bad password
20/5/21 09:09:46 AM Audit: Failures abc\user 4 unknown username or bad password
20/5/21 09:09:46 AM Audit: Failures abc\user 4 Lockout

Which of the following BEST describes the type of attack that had been attempted?

a. Credential harvesting

b. Dictionary attack

c. Password spraying

d. Brute-force attack

30 / 50

Which of the following data roles is ultimately responsible for ensuring that the protection of user rights and privacy is adhered to?

a. Data owner

b. Data steward

c. Security administrator

d. Data custodian

31 / 50

Why would a company use a Security Orchestration, Automation, and Response (SOAR) solution? (Choose TWO answers.)

a. It collects log files from the syslog server.

b. A SOAR solution uses machine learning and can identify threats faster than humans.

c. It collects the log files from multiple servers and forwards them to a SIEM system.

d. It releases IT team members to carry out more important security tasks.

32 / 50

What is the function of playbooks and runbooks in a SOAR environment? (Choose TWO answers.)

a. A playbook identifies an event and the actions to be taken if it is detected.

b. A runbook has a number of events and the actions to be taken should that event be detected.

c. Runbooks are created to walk someone through the steps to complete a task.

d. A playbook consists of a number of runbooks that are automated.

33 / 50

Which of the following automated scripting concepts describes where the application meets the designed goals and is deemed fit for purpose?

a. Continuous integration

b. Continuous validation

c. Continuous delivery

d. Continuous development

34 / 50

The administrator for the securityplus.training website has received complaints from customers that they have been asked to subscribe to the website when they thought it was free. The administrator checked with the finance department whether they now need payment for the website, but they said that they did not add a charge for accessing the website. The administrator then used the following toll and received the following output:

Tracing route to securityplus.training [160.153.138.53] over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms Linksys33577 [192.168.1.1]
2 2 ms 2 ms 1 ms 209.134-31-62.static.virginmediabusiness.co.uk [10.1.1.1]
3 19 ms 22 ms 15 ms brhm-core-2a-et-315-0.network.virginmedia.net [81.110.128.1]
4 22 ms 20 ms 45 ms tcl3-ic-2-ae4-0.network.virginmedia.net [62.253.175.130]
5 21 ms 21 ms 20 ms cpc69435-hink4-2-0-cust108.8-2.cable.virginm.net [62.252.5.109]
6 21 ms 20 ms 28 ms siteprotect.security.neustar [68.142.82.37]
7 25 ms 25 ms 25 ms 156.154.215.134
8 30 ms 26 ms 26 ms Ip-153.233.23.124.ip.site2.net [153.233.23.124)]
Trace complete

What type of attack has the administrator discovered?

a. Man-in-the-middle attack

b. Banner grabbing attack

c. Cross-site scripting

d. Social engineering attack

35 / 50

Due to the COVID-19 outbreak, a retailer will accept only card payments to reduce the risk of workers catching the virus. They have just received the PCI DSS regulations referring to acceptable card payments. Which of the following BEST describes some of the requirements of PCI DSS? (Select THREE answers.)

a. Use strong cryptography and security protocols.

b. Deny traffic from untrusted networks and hosts.

c. Do not accept foreign credit cards.

d. Ensure that the person using the card is over 18 years old.

e. Protect encryption keys from disclosure and misuse.

f. Use complex passwords longer than 12 characters.

36 / 50

What does ISO 27701 deal with?

a. Risk management guidelines

b. Classified security control

c. Personal data and privacy

d. Cloud security

37 / 50

A charity has called in an external auditor because they do not seem to be making as much profit as they normally have in the last 2 years. The auditors have been told that the financial controller is a very hard-working person who has not taken many holidays during this period to ensure that as much revenue as possible can be raised, and that the financial controller was working with 1,200 voluntary workers to raise revenue. Once the auditor carried out an audit, they found that $900,000 could not be accounted for. It was deemed that the financial controller had a gambling problem and was responsible for the theft. Which of the following would be the BEST recommendation that the external auditor could make to prevent this from happening again? (Choose TWO answers.)

a. Background check

b. Mandatory vacations

c. Job rotation

d. Credit check

e. Permissions audit and review

f. Separation of duties

38 / 50

Which of the following RAID configurations has fast-read access, single parity, and could lose one disk?

a. RAID 0

b. RAID 5

c. RAID 6

d. RAID 1

39 / 50

Which of the following are physical controls?

a. Anti-virus and anti-malware

b. Firewall rules

c. Turnstiles

d. Mantraps

e. Encryption

40 / 50

Which of the following techniques can be used by application developers to make it difficult to reverse engineer source code? Choose the BEST answer.

a. XOR

b. Steganography

c. Obfuscation

d. ROT 13

41 / 50

You are an IT contractor and have been hired by a small company to upgrade their domain controllers. Both the company’s domain controllers have Windows NT4.0 with Service Pack 5 installed. The company wants you to notify them of the following:

The authentication protocol that they are using
The attacks that their domain controllers are vulnerable to
The best Windows authentication protocol for them to use

Select THREE choices that address the points listed previously:

a. They are using the Kerberos protocol.

b. The need to install the Kerberos protocol.

c. They are using NTLM authentication.

d. They should upgrade to the NTLM protocol.

e. They are subject to a man-in-the-browser attack.

f. They are vulnerable to a pass-the-hash attack.

42 / 50

The cybersecurity administrator for a multinational corporation has been tasked with the destruction of the following:

● 1 ton of unclassified paper waste
● 23 salespeople’s hard drives that have been replaced with SSD drives

Which of the following are the best methods of sanitization to ensure its total destruction? (Select TWO answers.)

a. Shredding

b. Pulping

c. Wiping

d. Burning

e. Degaussing

43 / 50

The cybersecurity team has been investigating an instance of theft from one of their customers. According to the information they have, the criminals hacked into the mailbox of one Bob Wright (a member of the finance department). Minutes before the theft, the credit controllers had spoken to the customer as their account was in arrears. What type of attack was carried out against the customer?

a. Social engineering

b. On-path attack

c. Invoice scam

d. Watering hole attack

44 / 50

You are a cybersecurity administrator for a large multinational organization that employs 25,000 people worldwide in 14 different countries. You are investigating a cyber-attack that happened last night. The security log file shows the following entries:

22:00 JSmith Login: Failed
22:30 SmithJ Login: Failed
22:45 Account1 Login: Failed
22:50 Account2 Login: Failed
23:00 HVAC 1 Login: Successful

Which of the following BEST describes the type of attack the company has been subjected to?

a. Service account attack

b. Supply chain attack

c. Insider threat

d. Spyware attack

45 / 50

You are the security administrator for a small company, and the managing director has been complaining that his desktop has been acting erratically. He thinks that he must have a virus. When you arrive at his office, the managing director seems determined to mention that he has a virus. What is the FIRST task that you need to complete?

a. Disconnect the desktop from the company network.

b. Format the hard drive and reinstall the operating system.

c. Ignore his comments.

d. Run a virus scanner.

46 / 50

A multinational company has used a traditional network layout for all locations over the past 15 years. Six months ago, they opened a new site in New Jersey that deployed its very first virtual network. The IT team in New Jersey found that they could recover a host computer within 5 minutes. Over the weekend, an attacker managed to gain access to both the traditional and virtual networks via a vulnerable host, then moved laterally. On the virtual network, a domain controller was attacked, while on the traditional network, a SQL server was attacked. What were the two types of attacks that the company suffered?

a. VM escape

b. Containers

c. Pivoting

d. VM sprawl

e. Privilege escalation

47 / 50

When the Chief Information Officer (CIO) was at lunch, he received the following text message on his cell phone:

Congratulations, you have won a holiday for two people to Barbados with $20,000 spending money. To claim, please complete the following claim form by tomorrow: http://holiday/1stPrize/claim

He remembered seeing something similar on a security briefing. He showed the message to the cybersecurity team, who informed him that this message was a __________. Fill in the blank.

a. Phishing simulation

b. Vishing attack

c. Logic bomb

d. Smishing scam

48 / 50

Which of the following are examples of weak encryption? (Choose TWO answers.)

a. SHA1

b. DES

c. AES

d. MD5

e. RSA 1024

49 / 50

When a company executive was charging his smartphone at a foreign airport, he discovered that some of the company data was stolen. What type of attack has been carried out, and how can this be prevented in the future? Select TWO answers (one for the type of attack and one for the prevention method).

a. Bluesnarfing

b. Bluejacking

c. Juice jacking

d. USB data blocker

e. Faraday cage

f. Disable the Wi-Fi connection

50 / 50

You are the system administrator for a multinational corporation. The CEO attended a cybersecurity summit. During the summit, he met many people who had the skills to carry out penetration testing. He made an appointment for one of them to come and visit him in his office as he was very interested in having a penetration test performed on behalf of the company. When the summit ended, the CEO received a promotional bag that included digital material. Two days later, malware was found on his corporate laptop. Which of the following is the MOST LIKELY reason that his laptop was infected?

a. He forgot to update his anti-virus solution.

b. The USB drive with promotional material was infected.

c. Someone in the summit hacked into his laptop and installed the malware.

d. The firewall on his laptop was disabled and someone installed the malware.

Your score is

0%

Cookie	Duration	Description
_GRECAPTCHA	11 months	This cookie is used by Google Recaptcha
cookielawinfo-checkbox-advertisement	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	This cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	11 months	This cookie Records the default button state of the corresponding category along with the status of CCPA.
viewed_cookie_policy	11 months	This cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	11 months	This cookie is used by Google Analytics
_gat_gtag_UA_284627_22	11 months	This cookie is used by Google Analytics
_gid	11 months	This cookie is used by Google Analytics