Test your basic knowledge |

Comptia Security +: Cyber Ops

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Mal - the security administrator - is implementing a web content fitter. Which of the following is the MOST important design consideration in regards to availability?






2. Mal - a user - submitted a form on the Internet but received an unexpected response shown below Server Error in "/" Application Runtime error in script on asp.net version 2.0 Which of the following controls should be put in place to prevent Mal from






3. Starbuck's - a user - word processing software is exhibiting strange behavior - opening and closing itself at random intervals. There is no other strange behavior on the system. Which of the following would mitigate this problem in the future?






4. Mal - a security administrator - wants to secure remote telnet services and decides to use the services over SSH. Which of the following ports should Mal allow on the firewall by default?






5. Which of the following is used to verify the identity of the sender of a signed email?






6. After setting up a root CA. which of the following can Mal - a security administrator - implement to allow intermediate CAs to handout keys and certificates?






7. Which of the following may cause Starbuck - the security administrator - to seek an ACL work around?






8. The corporate NIPS requires a daily download from its vendor with updated definitions in order to block the latest attacks. Which of the following describes how the NIPS is functioning?






9. Which of the following is similar to a smurf attack - but uses UDP instead to ICMP?






10. Which of the following security tools can Starbuck - an administrator - implement to mitigate the risks of theft?






11. River Tam - a security administrator - suspects that a web server may be under attack. The web logs have several entries containing variations of the following entries: 'or 1=1-- or1'=1-- 'or1=1'






12. Which of the following technologies would allow the removal of a single point of failure?






13. River Tam - an attacker - is recording a person typing in their ID number into a keypad to gain access to the building. River Tam then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the follow






14. River Tam - a security administrator - has configured a trusted OS implementation on her servers. Which of the following controls are enacted by the trusted OS implementation?






15. Which of the following is BEST utilized to actively test security controls on a particular system?






16. An application company sent out a software patch for one of their applications on Monday. The company has been receiving reports about intrusion attacks from their customers on Tuesday. Which of the following attacks does this describe?






17. Jayne - a server administrator - sets up database forms based on security rating levels. If a user has the lowest security rating then the database automatically determines what access that user has. Which of the following access control methods does






18. Which of the following should Mal - an administrator - use to verify the integrity of a downloaded file?






19. Traffic has stopped flowing to and from the company network after the inline IPS hardware failed. Which of the following has occurred?






20. Which of the following password policies is the MOST effective against a brute force network attack?






21. Which of the following is BEST used to break a group of IP addresses into smaller network segments or blocks?






22. When used alone - which of the following controls mitigates the risk of River Tam - an attacker - launching an online brute force password attack?






23. 3DES is created when which of the following scenarios occurs?






24. Which of the following are restricted to 64-bit block sizes?






25. In a wireless network - which of the following components could cause too much coverage - too little coverage - and interference?






26. River Tam - the security engineer - has discovered that a breach is in progress on a non-production system of moderate importance. Which of the following should River Tam collect FIRST?






27. Which of the following security concepts establishes procedures where creation and approval are performed through distinct functions?






28. Starbuck - a security administrator - has completed the imaging process for 20 computers that were deployed. The image contains the operating system and all required software. Which of the following is this an example of?






29. Which of the following types of data encryption would Starbuck - a security administrator - use if MBR and the file systems needed to be included?






30. Which of the following malware types is BEST described as protecting itself by hooking system processes and hiding its presence?






31. Mal is reporting an excessive amount of junk mail on the network email server. Which of the following would ONLY reduce the amount of unauthorized mail?






32. An example of a false negative






33. Which of the following implements two factor authentication based on something you know and something you have?






34. In the event of a mobile device being lost or stolen - which of the following BEST protects against sensitive information leakage?






35. Which of the following should be implemented to restrict wireless access to the hardware address of a NIC?






36. Mal - a network administrator - implements the spanning tree protocol on network switches. Which of the following issues does this address?






37. Which of the following is where an unauthorized device is found allowing access to a network?






38. While traveling - users need access to an internal company web server that contains proprietary information. Mal - the security administrator - should implement a...






39. Which of the following describes the ability for a third party to verify the sender or recipient of a given electronic message during authentication?






40. Which of the following is an attack where Mal spreads USB thumb drives throughout a bank's parking lot in order to have malware installed on the banking systems?






41. To mitigate the adverse effects of network modifications - which of the following should Jayne - the security administrator - implement?






42. Which of the following combinations represents multifactor authentication?






43. Account lockout is a mitigation strategy used by Starbuck - the administrator - to combat which of the following attacks?






44. Which of the following ports would be blocked if Mal - a security administrator - wants to disable FTP?






45. Which of the following ports would be blocked if Mal - a security administrator - wants to deny access to websites?






46. River Tam - a security administrator - has generated a key pair for the company web server. Which of the following should she do next to ensure all web traffic to the company web server is encrypted?






47. River Tam and Starbuck - users - are reporting an increase in the amount of unwanted email that they are receiving each day. Which of the following would be the BEST way to respond to this issue without creating a lot of administrative overhead?






48. A company notices that there is a flaw in one of their proprietary programs that the company runs in-house. The flaw could cause damage to the HVAC system. Which of the following would the company transfer to an insurance company?






49. Which of the following is a feature of Kerberos?






50. An SQL injection vulnerability can be caused by which of the following?