25 Free Questions on CompTIA Security+ (SY0-601) Certification Exam

CompTIA Security+ Certification is one of the most popular and in-demand security certifications in the industry. This certification exam validates your basic skills in security and cybersecurity. This exam was launched in November 2021.

In this article, we list 25 free sample exam questions for the CompTIA Security+ (SY0-601) certification. These questions are part of the Whizlabs exam simulator. If you are preparing for this certification exam, please buy the complete set of practice questions for the CompTIA Security exam.

CompTIA Security Exam Sample Questions

Domain : Threats, Attacks, and Vulnerabilities

Q1 : You were visiting a website but accidentally misspelt the name. You were taken to the same website that you intended to visit. After you exit the website, your system becomes unstable. Which of the following attacks has occurred?

A. Typosquatting
B. Spear Phishing
C. Whaling
D. Prepending

Correct Answer: A 

Explanation:

Typosquatting is a type of attack in which attackers register intentionally misspelled domain names similar to popular domain names like Google.com. Attackers would register a similar domain name, such as gogle.com or gooogle.com, for malicious websites.

Option A is correct. Typosquatting is an attack in which attackers register intentionally misspelled domain names similar to popular domain names like Google.com. Attackers would register a similar domain name, such as gogle.com or gooogle.com, for malicious websites.
Option B is incorrect. Spear phishing is a social engineering attack that targets individuals in an organization.
Option C is incorrect. Whaling is a social engineering attack that targets high-profile individuals in an organization.
Option D is incorrect. Prepending is adding a disclaimer or information text to the emails received from external domains. 

Reference: To know more about typosquatting, please refer to the doc below: What is Typosquatting? | Kaspersky 

Domain : Threats, Attacks, and Vulnerabilities

Q2 : Someone has created a Facebook page with your name. The Facebook page contains your information and photos. Which type of social engineering attack has occurred?

A. Impersonation
B. Identity Theft
C. Whaling
D. Spear Phishing

Correct Answer: B 

Explanation:

In this scenario, an identity theft attack has occurred. In this attack, the attacker takes someone else’s information and photos and uses them for a malicious purpose.

Option A is incorrect. An impersonation attack occurs when the attacker pretends to be someone else to extract information from a victim.
Option B is correct. In this scenario, an identity theft attack has occurred. In this attack, the attacker takes someone else’s information and photos and uses them for a malicious purpose.
Option C is incorrect. Whaling is a social engineering attack that targets high-profile individuals in an organization.
Option D is incorrect. Spear phishing is a social engineering attack that targets individuals in an organization.

Reference: To know more about identity theft, please refer to the doc below: Identity Theft Definition (investopedia.com)

 

Domain : Threats, Attacks, and Vulnerabilities

Q3 : Which of the following can be the carrier for a backdoor trojan into a system? 

A. Fileless
B. Worm
C. Trojan Horse
D. Logic bomb

Correct Answer: C 

Explanation:

A trojan horse is malware hidden inside a legitimate executable file. It allows the attacker to gain backdoor access to the system.

Option A is incorrect. A fileless virus does not depend on an executable file. Instead, it is loaded into memory, which makes it difficult for antimalware applications to detect.
Option B is incorrect. A worm is malware that infects one system and then travels over the network to infect other systems by replicating itself.
Option C is correct. A trojan horse is malware that is hidden inside a legitimate executable file. It allows the attacker to gain backdoor access to the system. 
Option D is incorrect. A logic bomb works with a certain condition or criteria. In this scenario, it can be assumed that rebooting the fileserver was a condition that deleted the files afterward.

Reference: To know more about the trojan horse, please refer to the doc below: Backdoor Trojan – Firewalls.com

 

Domain : Threats, Attacks, and Vulnerabilities

Q4 : Which of the following attacks reverses a cryptographic hash function?

A. Dictionary attack
B. Password spraying attack
C. Brute-force attack
D. Rainbow table attack

Correct Answer: D

Explanation:

A rainbow table contains a list of hashes for passwords. When an attacker gains access to the password hashes, they can run them against the rainbow table and get the real password. In a rainbow table attack, an attacker does not try the real passwords but attempts to get the password hashes that can be run against the hashes in the rainbow table.

Option A is incorrect. A dictionary attack uses a dictionary and tries words as passwords against a user account. It cannot circumvent an account lockout because the account gets locked out after a certain number of wrong password attempts. 
Option B is incorrect. A password spraying attack is conducted to circumvent the account lockout. It attempts to access several user accounts with the same password. An account lockout policy locks an account if there are many wrong password attempts. There is only one password attempted with one user account in password spraying. It escapes the account lockout policy and does not get detected.
Option C is incorrect. A brute-force attack uses a combination of letters, numbers, and special characters as passwords against a user account. It cannot circumvent an account lockout because the account gets locked out after a certain number of wrong password attempts.
Option D is correct. A rainbow table contains a list of hashes for passwords. When an attacker gains access to the password hashes, they can run them against the rainbow table and get the real password. In a rainbow table attack, an attacker does not try the real passwords but attempts to get the password hashes that can be run against the hashes in the rainbow table.

Reference: To know more about rainbow tables, please refer to the doc below: Rainbow Tables – CyberHoot Cyber Library

 

Domain : Threats, Attacks, and Vulnerabilities

Q5 : An attacker inserted a piece of malicious code into a live process. Which of the following types of attack is taking place?

A. Buffer overflow
B. DLL Injection
C. Privilege escalation
D. Replay attack

Correct Answer: B 

Explanation:

In this scenario, a DLL injection attack is occurring. In this type of attack, a piece of malicious code is inserted into a live process. This way, the legitimate process uses the inserted malicious code via a DLL.

Option A is incorrect. In a buffer overflow attack, the attacker sends a large volume of data to the application’s storage space in memory. If the storage space is filled, it causes the buffer overflow error. 
Option B is correct. In this scenario, a DLL injection attack is occurring. In this type of attack, a piece of malicious code is inserted into a live process. This way, the legitimate process uses the inserted malicious code via a DLL.
Option C is incorrect. The attacker gains administrative privileges after compromising a server in a privilege escalation attack.
Option D is incorrect. In a replay attack, the attacker captures a user’s web session with a packet capturing tool and then uses the same session ID to initiate another session.

Reference: To know more about DLL injection, please refer to the doc below: Process Injection: Dynamic-link Library Injection, Sub-technique T1055.001 – Enterprise | MITRE ATT&CK®

 

Domain : Threats, Attacks, and Vulnerabilities

Q6 : An attacker is using the hashes to crack an authentication protocol. Which type of attack is occurring?

A. Replay attack
B. Pass the Hash
C. Buffer overflow
D. Privilege escalation

Correct Answer: B 

Explanation:

In this scenario, a pass-the-hash attack is occurring. In this attack, the attacker captures the password hashes. Instead of decrypting the hashes, the attacker uses the hashes to crack the authentication protocol.

Option A is incorrect. In a replay attack, the attacker captures a user’s web session with a packet capturing tool and then uses the same session ID to initiate another session.
Option B is correct. In this scenario, a pass-the-hash attack is occurring. In this attack, the attacker captures the password hashes. Instead of decrypting the hashes, the attacker uses the hashes to crack the authentication protocol.
Option C is incorrect. In a buffer overflow attack, the attacker sends a large volume of data to the application’s storage space in memory. If the storage space is filled, it causes the buffer overflow error.
Option D is incorrect. The attacker gains administrative privileges after compromising a server in a privilege escalation attack.

Reference: To know more about Pass the Hash, please refer to the doc below: What is a Pass-the-Hash Attack (PtH)? Get Definitions and Explanations in Our Security Term Glossary | BeyondTrust

 

Domain : Threats, Attacks, and Vulnerabilities

Q7 : A group of attackers stole sensitive information in an attack. During the investigation after this attack, you found that they had been in the network for several months. Which type of attackers were these?

A. Advanced Persistent Threats (APTs)
B. Hacktivists
C. Script Kiddies
D. Insider Threat

Correct Answer: A 

Explanation:

In this scenario, the attack is conducted by the APTs, who tend to stay low profile and can cause serious damage by stealing sensitive information. They work with their customized attack tools to conduct complex attacks. 

Option A is correct. In this scenario, the attack is conducted by the APTs, who tend to stay low profile and can cause serious damage by stealing sensitive information. They work with their customized attack tools to conduct complex attacks.
Option B is incorrect. Hacktivists have specific views, and if a government or organization does something opposing these views, the hacktivists are likely to attack them. In this scenario, the hacktivists group conducted the attack against the passed law. 
Option C is incorrect. Script kiddies are inexperienced hackers who tend to use readily available tools. A political motive does not drive them. 
Option D is incorrect. An insider threat originates from within an organization. Insider threats intend to exfiltrate data or cause damage, but a political motive does not drive them.

Reference: To know more about APTs, please refer to the doc below: What is APT (Advanced Persistent Threat) | APT Security | Imperva

 

Domain : Threats, Attacks, and Vulnerabilities

Q8 : An attacker has exploited a zero-day vulnerability in an Internet-facing application. Which of the following is true about this attack?

A. There was no patch available for the vulnerability
B. An insider conducted the attack
C. The attack was conducted by an Advanced Persistent Threat (APTs)
D. The application was not updated with the latest security updates

Correct Answer: A 

Explanation:

There was no patch available for the vulnerability in this scenario. A zero-day attack occurs on a vulnerability that has never been discovered before, and therefore, it is obvious that there are no patches available for it. 

Option A is correct. A zero-day attack occurs on a vulnerability that has never been discovered before, and therefore, it is obvious that there are no patches available for it. In this scenario, there was no patch available for the vulnerability.
Option B is incorrect. The scenario does not indicate that an insider conducted the attack. Insider attacks are usually focused on stealing confidential and sensitive information.
Option C is incorrect. The scenario does not indicate that an APT conducted the attack. APTs tend to stay low profile and can cause serious damage by stealing sensitive information. They work with their customized attack tools to conduct complex attacks.
Option D is incorrect. Even when an application is updated with the latest security updates, a zero-day vulnerability can be discovered if it exists and is exploited.

Reference: To know more about APTs, please refer to the doc below: Zero-Day Vulnerability – Definition (trendmicro.com)

 

Domain : Architecture and Design

Q9 : You want to name all systems on the network based on their department names. Which of the following should you use for this purpose?

A. Network diagram
B. Baseline configuration
C. IP Schema
D. Standard naming convention

Correct Answer: D 

Explanation:

In this scenario, you should use the standard naming convention, which helps you set specific names based on the team, department, room, or location. 

Option A is incorrect. Network diagrams define the network architecture and its components.
Option B is incorrect. Baseline configuration is a standardized configuration of a system. Using baseline configuration, you can configure other systems in a standardized manner.
Option C is incorrect. IP Schema defines the IP configuration of systems in a network. You can define a specific series of IP addresses to one department and another IP series to another department.
Option D is correct. You should use the standard naming convention, which helps you set specific names based on the team, department, room, or location.  

Reference: To know more about the standard naming convention, please refer to the doc below: BS1192 Naming Convention | Trimble Viewpoint

 

Domain : Architecture and Design

Q10 : You have decided to move your software development environment to the cloud. Which type of cloud delivery model would you be using in this scenario?

A. IaaS
B. PaaS
C. SaaS
D. XaaS

Correct Answer: B 

Explanation:

In this scenario, you would be using PaaS. Platform As A Service allows you to develop and maintain applications in the cloud.

Option A is incorrect. IaaS is Infrastructure As A Service, which allows you to set up an entire network or datacenter in the cloud. In this scenario, you only have to use an application.
Option B is correct. PaaS is Platform As A Service, which allows you to develop and maintain applications in the cloud.
Option C is incorrect. In this scenario, you would be using the SaaS cloud delivery model, which allows you to use a cloud-hosted application. This reduces cost because you don’t have to purchase the application and work with subscriptions.
Option D is incorrect. XaaS is Anything As A Service, allowing you to use virtually anything in the cloud. In this scenario, you only have to use an application.

Reference: To know more about the SaaS, please refer to the doc below: The Top 3 Cloud Computing Service Models (siriuscom.com)

 

Domain : Architecture and Design

Q11 : You want to perform integration testing of the application that you are developing. You also need to measure the application performance. Which of the following environments should you use for this purpose?

A. Development
B. Testing
C. Staging
D. Production

Correct Answer: B 

Explanation:

In this scenario, you need to use the testing environment, which is isolated from the development environment. You perform the integration testing of various components that you have developed along with the application’s performance.

Option A is incorrect. You write code and build the application in the development environment.
Option B is correct. You need to use the testing environment, which is isolated from the development environment. You perform the integration testing of various components that you have developed along with the application’s performance.
Option C is incorrect. An application is deployed in staging before deploying it in the production environment. You perform the unit testing in the staging environment. It is almost a replica of the production environment with the same security and configuration settings.
Option D is incorrect. The production environment is the live environment. After staging, the application is deployed in the production environment when the results are as expected. 

Reference: To know more about the testing environment, please refer to the doc below: The staging environment vs. test environment: What’s the difference? – Plesk

 

Domain : Architecture and Design

Q12 : Which of the following is the biggest challenge in code reuse?

A. It is difficult to test
B. It requires more time to develop
C. It introduces more bugs
D. It is difficult to integrate

Correct Answer: B 

Explanation:

One of the biggest challenges in code reuse is the development time. Because you want the code to be reused later in other applications, you need to plan and develop it carefully.

Option A is incorrect. When you develop code, you test it thoroughly. When you reuse the code, the same code is tested only for integration.
Option B is correct. One of the biggest challenges in code reuse is the development time. Because you want the code to be reused later in other applications, you need to plan and develop it carefully.
Option C is incorrect. The code that needs to be reused is already tested. Therefore, there are fewer bugs or even no bugs compared to the newly developed code.
Option D is incorrect. The code is developed with its reusability in mind, and therefore, integration is not always a problem. 

Reference: To know more about code reusability, please refer to the doc below: What Is Code Reuse? How To Effectively Reuse Code | Perforce

 

Domain : Architecture and Design

Q13 : You receive a One Time Password (OTP) on your mobile phone. Which of the following is it an example of?

A. Something you know
B. Something you have
C. Something you exhibit
D. Something you are

Correct Answer: A

Explanation:

Passwords and OTPs are an example of something you know. It is typically used in two-factor or multi-factor authentication.

Option A is correct. Passwords and OTPs are an example of something you know. It is typically used in two-factor or multi-factor authentication.
Option B is incorrect. A smart card is an example of something you have.
Option C is incorrect. The way you talk or walk is an example of something you exhibit.
Option D is incorrect. A retina or fingerprint is an example of something you are.

Reference: To know more about something you have, please refer to the doc below: Multi-factor Authentication – SY0-601 CompTIA Security+ : 2.4 – Professor Messer IT Certification Training Courses

 

Domain : Architecture and Design

Q14 : Which of the following defines False Rejection Rate (FRR)?

A. An illegitimate or wrong user is authenticated
B. A legitimate user wrongly fails authentication
C. An illegitimate user is not authenticated
D. It is equal to the Crossover Error Rate (CRR)

Correct Answer: B 

Explanation:

Crossover Error Rate is the percentage of times when FAR and FRR are equal. False rejection rate (FRR) occurs when a legitimate user is not authenticated. FAR occurs when an illegitimate or wrong user is authenticated successfully. CRR occurs when FAR and FRR are equal.

Option A is incorrect. FAR occurs when an illegitimate or wrong user is authenticated successfully.
Option B is correct. False rejection rate (FRR) occurs when a legitimate user is wrongly not authenticated. FAR occurs when an illegitimate or wrong user is authenticated successfully. 
Option C is incorrect. An illegitimate user should not be authenticated. Neither FAR nor FRR is related to it.
Option D is incorrect. CRR occurs when FAR and FRR are equal. FRR is not equal to CRR.

Reference: To know more about FRR, please refer to the doc below: Biometric security jargon: CER, EER, FRR, FAR (johndcook.com)

 

Domain : Architecture and Design

Q15 : You have configured NIC teaming in a critical server. Along with redundancy, which of the following does the NIC team provide?

A. Load balancing
B. Multipath
C. High availability
D. Scalability

Correct Answer: A 

Explanation:

Along with redundancy, NIC teaming provides load balancing. The incoming traffic is distributed to the network interface cards (NICs).

Option A is correct. The incoming traffic is distributed to both the network interface cards (NICs). Along with redundancy, NIC teaming provides load balancing.
Option B is incorrect. Multipath is the path between the CPUs and the RAID systems.
Option C is incorrect. High availability is about keeping the servers and applications available around the clock. High availability applications have minimum downtime.
Option D is incorrect. Scalability is the ability to provide more resources to the applications as they demand more due to peak load.

Reference: To know more about NIC Teaming, please refer to the doc below: NIC Teaming | Microsoft Docs

 

Domain : Implementation

Q16 : Which of the following would be a secure replacement of Telnet?

A. HTTPS
B. DNSSec
C. SNMP
D. SSH

Correct Answer: D 

Explanation:

Telnet transmits the information in clear text and is rarely used. SSH is secure, replaces Telnet, and encrypts the channel over which the information travels.

Option A is incorrect. HTTPS is used for secure Web browsing. It is used instead of HTTP.
Option B is incorrect. DNSSEC is an extended and secure version of DNS.
Option C is incorrect. SNMP is used for monitoring network devices. SNMP v3 is a secure version.
Option D is correct. Telnet transmits the information in clear text and is rarely used. SSH is secure, replaces Telnet, and encrypts the channel over which the information travels.

Reference: To know more about SSH, please refer to the doc below: Telnet vs. SSH: Key Differences (guru99.com)

 

Domain : Implementation

Q17 : Which of the following protocols should you use to secure voice and video?

A. IPSec
B. HTTPS
C. SFTP
D. SRTP 

Correct Answer: D 

Explanation:

From the given choices, you need to use SRTP, which stands for Secure Real-time Transport Protocol. It is mainly used to secure voice and video transmissions.

Option A is incorrect. IPSec is used with VPNs to authenticate and encrypt data packets. 
Option B is incorrect. HTTPS is used for secure Web browsing.
Option C is incorrect. SFTP uses SSH for secure file transfer.
Option D is correct. SRTP stands for Secure Real-time Transport Protocol. It is mainly used to secure voice and video transmissions.

Reference: To know more about SRTP, please refer to the doc below: Secure Real-time Transport Protocol – Wikipedia

 

Domain : Implementation

Q18 : You want to perform a code scan to find any malicious code hidden inside. Which of the following methods should you use?

A. Use a sandbox
B. Perform a static analysis
C. Perform a dynamic analysis
D. Conduct fuzzing 

Correct Answer: B 

Explanation:

Static code analysis requires you to review the code and find errors and malicious code hidden inside it.

Option A is incorrect. You should use a sandbox where you can inspect the malware. A sandbox is an isolated environment often used to test the applications. The impact of malware or a malicious application is retained within the sandbox.
Option B is correct. Static code analysis requires you to review the code and find errors and malicious code hidden inside it. 
Option C is incorrect. To perform dynamic analysis, you need to execute the malware, which will impact the host system. Dynamic analysis is always performed when the application is running.
Option D is incorrect. Fuzzing is about injecting random data into an application to detect errors.

Reference: To know more about static code analysis, please refer to the doc below: What Is Static Analysis? Static Code Analysis Overview | Perforce

 

Domain : Implementation

Q19 : In which of the following wireless networks does a user not need to know the password to connect?

A. WPS
B. WEP
C. WPA
D. WPA2

Correct Answer: A 

Explanation:

WiFi Direct uses the WPS protocol, which exchanges credentials. Users are not required to know the password to connect using WPS.

Option A is correct. WiFi Direct uses the WPS protocol, which exchanges credentials. Users are not required to know the password to connect using WPS.
Option B is incorrect. Wireless devices no longer support WEP. It is a weak wireless protocol that uses symmetric encryption.
Option C is incorrect. WPA used 128-bit encryption and was used to replace WEP. WPA is also no longer used.
Option D is incorrect. WPA2 is an advanced version of WPA. It is still in existence and can be used with pre-shared keys or enterprise mode, which uses a RADIUS server.

Reference: To know more about WPS, please refer to the doc below: Simple questions: What is WPS (Wi-Fi Protected Setup) and how does it work? | Digital Citizen

 

Domain : Implementation

Q20 : As an attacker, if you compromise a jump server, which of the following outcomes is likely to occur?

A. You will have access to the entire network
B. You will be navigated to a restricted and isolated environment
C. You will have access to the jump server only
D. You will be navigated to the DMZ environment

Correct Answer: A 

Explanation:

A jump server is a server that authenticates the users before they can access a network. It is like a gatekeeper. After the users are authenticated, they can access the network with fewer restrictions. If the jump server is compromised, the attacker virtually has access to the entire network.

Option A is correct. A jump server is a server that authenticates the users before they can access a network. It is like a gatekeeper. After the users are authenticated, they can access the network with fewer restrictions. If the jump server is compromised, the attacker virtually has access to the entire network.
Option B is incorrect. This is not true. The attacker will have access to the entire network. 
Option C is incorrect. This is not true. The attacker will have access to the entire network.
Option D is incorrect. This is not true. The attacker will have access to the entire network.

Reference: To know more about jump servers, please refer to the doc below: Why Jump Servers Are Obsolete – JumpCloud

 

Domain : Implementation

Q21 : You have configured a root and two subordinate certificate authorities. You want to ensure that the root server is highly secured. Which of the following recommended methods should you use?

A. Power off the root server and keep it offline
B. Break the replication between the root and subordinate servers
C. Move the subordinate servers to a different network
D. Allow only administrator access to the root server

Correct Answer: A 

Explanation:

To ensure that a root certificate authority is highly secure, you should power off the root server and keep it offline. If the root server is compromised, the entire certificate authority environment is compromised.

Option A is correct. To ensure that a root certificate authority is highly secure, you should power off the root server and keep it offline. If the root server is compromised, the entire certificate authority environment is compromised.
Option B is incorrect. No replication takes place between the root server and subordinate certificate authorities.
Option C is incorrect. Moving the certificate authorities to a different network will not make an impact. It is the root server that needs to be secured.
Option D is incorrect. Any access to the root server is a high risk.

Reference: To know more about securing root certificate authority, please refer to the doc below: Offline root certificate authority – Wikipedia

 

Domain : Implementation

Q22 : Which of the following can reduce the impact of lateral movement in an attack?

A. Network segmentation
B. VPN
C. Screened subnet
D. Private subnet

Correct Answer: A 

Explanation:

When an attack occurs on a network, the attacker wants to perform lateral movement to search for sensitive information. This usually happens when you have a flat network. With the help of network segmentation, you can reduce the impact of the attack by preventing the attacker from moving laterally in the network.

Option A is correct. When an attack occurs on a network, the attacker wants to perform lateral movement to search for sensitive information. This usually happens when you have a flat network. With the help of network segmentation, you can reduce the impact of the attack by preventing the attacker from moving laterally in the network.
Option B is incorrect. A VPN or Virtual Private Network is used for remote connectivity.
Option C is incorrect. A screened subnet is the DMZ or demilitarized zone, which hosts the Internet-facing servers. 
Option D is incorrect. A private subnet is a subnet that is locally located within a network. It is not accessible to the outside world.

Reference: To know more about network segmentation, please refer to the doc below: Lateral Movement Security Micro-Segmentation | Guardicore

 

Domain : Implementation

Q23 : When using OAuth 2.0, other than JSON, which other protocol is used?

A. IPSec
B. SMTP
C. HTTP
D. HTTPS

Correct Answer: C 

Explanation:

Option A is incorrect. IPSec is used for securing network transmission in VPN.
Option B is incorrect. SMTP is for sending emails over the Internet.
Option C is correct. When using OAuth 2.0, other than JSON, HTTP is the second protocol used. 
Option D is incorrect. HTTPS is used for secure Web browsing.

Reference: To know more about network segmentation, please refer to the doc below: OAuth – Wikipedia

 

Domain : Operations and Incident Response

Q24 : You are about to initiate a penetration test. You first want to gather the email IDs of the employees. Which of the following tools should you use?

A. Cuckoo 
B. Nessus 
C. sn1per
D. theHarvester

Correct Answer: D 

Explanation:

theHarvester is an open-source tool specializing in gathering information, such as emails, employee information, sub-domains, and hostnames. It can use a variety of search engines, such as Google and Bing, and other platforms, such as LinkedIn.

Option A is incorrect. Cuckoo is an open-source sandbox for malware analysis.
Option B is incorrect. Nessus is a vulnerability management tool.
Option C is incorrect. sn1per is an information gathering and penetration testing platform. It helps you discover the attack surface and handle risks.
Option D is correct. theHarvester is an open-source tool specializing in gathering information, such as emails, employee information, sub-domains, and hostnames. It can use a variety of search engines, such as Google and Bing, and other platforms, such as LinkedIn.

Reference: To know more about theHarvester, please refer to the doc below: Python theHarvester – How to use it? – GeeksforGeeks

 

Domain : Operations and Incident Response

Q25 : You are about to initiate a penetration test. Instead of using theHarvester tool, you want to use an alternative to enumerate subdomains. Which of the following tools can serve as an alternative to theHarvester?

A. Cuckoo 
B. Metasploit
C. sn1per
D. sublist3r 

Correct Answer: D 

Explanation:

The sublist3r tool is an alternative to theHarvester tool. It can be used to enumerate subdomains.

Option A is incorrect. Cuckoo is an open-source sandbox for malware analysis.
Option B is incorrect. Metasploit is a penetration testing framework that allows you to use existing exploits or write custom ones to exploit existing vulnerabilities.
Option C is incorrect. sn1per is an information gathering and penetration testing platform. It helps you discover the attack surface and handle risks.
Option D is correct. The sublist3r tool is an alternative to theHarvester tool. It can be used to enumerate subdomains.

Reference: To know more about sublist3r, please refer to the doc below: GitHub – aboul3la/Sublist3r: Fast subdomains enumeration tool for penetration testers

We hope this article has given you some idea of what the sample questions of the CompTIA Security Certification Exam look like. If you have any questions on this security certification exam, please contact us.

About Abilesh Premkumar

Abilesh holds a Master's degree in Information Technology and a Master of Philosophy degree in Computer Science, and did his research on information security via Collaborative Inference Detection. He also received an Honorary Doctorate from a UNO-recognized organization. He contributes to cloud research and supports building cloud computing tools.
