ComptiA Security+ Certification Exam Questions and answer - Part 30

1. Ann,a security administrator,has been instructed to perform fuzz-based testing on the company's applications. Which of the following best describes what she will do?

A) Enter random or invalid data into the application in an attempt to cause it to fault
B) Work with the developers to eliminate horizontal privilege escalation opportunities
C) Test the applications for the existence of built-in- back doors left by the developers
D) Hash the application to verify it won't cause a false positive on the HIPS



2. Ann a security analyst is monitoring the IDS console and noticed multiple connections from an internal host to a suspicious call back domain. Which of the following tools would aid her to decipher the network traffic?

A) Vulnerability Scanner
B) NMAP
C) NETSTAT
D) Packet Analyzer



3. Ann,a security analyst,wants to implement a secure exchange of email. Which of the following is the BEST option for Ann to implement?

A) PGP
B) HTTPS
C) WPA
D) TLS



4. Ann is the IS manager for several new systems in which the classifications of the systems' data are being decided. She is trying to determine the sensitivity level of the data being processed. Which of the following people should she consult to determine the data classification?

A) Steward
B) Custodian
C) User
D) Owner



5. An office manager found a folder that included documents with various types of data relating to corporate clients. The office manager notified the data included dates of birth,addresses,and phone numbers for the clients. The office manager then reported this finding to the security compliance officer. Which of the following portions of the policy would the security officer need to consult to determine if a breach has occurred?

A) Public
B) Private
C) PHI
D) PII