Test your basic knowledge |

Comptia Security +: Cyber Ops

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Mal - a network administrator - implements the spanning tree protocol on network switches. Which of the following issues does this address?






2. The public key is used to perform which of the following?






3. The fundamental information security principals include confidentiality - availability and which of the following?






4. Which of the following security tools can Starbuck - an administrator - implement to mitigate the risks of theft?






5. River Tam - a security administrator - has generated a key pair for the company web server. Which of the following should she do next to ensure all web traffic to the company web server is encrypted?






6. A computer is put into a restricted VLAN until the computer's virus definitions are up-to-date. Which of the following BEST describes this system type?






7. River Tam - a forensic investigator - believes that the system image she was presented with is not the same as the original source. Which of the following should be done to verify whether or not the image has been tampered with?






8. River Tam - a security analyst - discovers which operating systems the client devices on the network are running by only monitoring a mirror port on the router. Which of the following techniques did River Tam use?






9. In the event of a mobile device being lost or stolen - which of the following BEST protects against sensitive information leakage?






10. Which of the following would help Mal - an administrator - prevent access to a rogue access point connected to a switch?






11. While conducting a network audit - River Tam - a security administrator - discovers that most clients are routing their network traffic through a desktop client instead of the company router. Which of the following is this attack type?






12. Which of the following combinations represents multifactor authentication?






13. Which of the following is BEST described by a scenario where organizational management chooses to implement an internal Incident Response Structure for the business?






14. Which of the following attacks is characterized by River Tam attempting to send an email from a Chief Information Officer's (CIO's) non-corporate email account to an IT staff member in order to have a password changed?






15. Which of the following elements makes up the standard equation used to define risk?






16. The IT Security Department has completed an internal risk assessment and discovered the use of an outdated antivirus definition file. Which of the following is the NEXT step that management should take?






17. Which of the following are security relevant policies?






18. Mal - the Chief Executive Officer (CEO) of a company - has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete?






19. Which of the following administrative controls BEST mitigates the risk of ongoing inappropriate employee activities in sensitive areas?






20. Mal - a security administrator - has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?






21. Which of the following BEST describes a software vulnerability that is actively being used by River Tam and Starbuck - attackers - before the vendor releases a protective patch or update?






22. Which of the following is the purpose of the spanning tree protocol?






23. Which of the following implements two factor authentication based on something you know and something you have?






24. Starbuck - a security administrator - wants to prevent users in sales from accessing their servers after 6:00 p.m. - and prevent them from accessing accounting's network at all times. Which of the following should Starbuck implement to accomplish the






25. River Tam - the security engineer - has discovered that a breach is in progress on a non-production system of moderate importance. Which of the following should River Tam collect FIRST?






26. Which of the following is BEST utilized to actively test security controls on a particular system?






27. Jayne - a systems security engineer - is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate - has a server side certificate - and uses TLS






28. Jayne's CRL is over six months old. Which of the following could Jayne do in order to ensure he has the current information?






29. When moving from an internally controlled environment to a fully outsourced infrastructure environment - such as cloud computing - it is MOST important to...






30. River Tam - an attacker - is recording a person typing in their ID number into a keypad to gain access to the building. River Tam then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the follow






31. While River Tam is logging into the server from her workstation - she notices Mal watching her enter the username and password. Which of the following social engineering attacks is Mal executing?






32. Mal - a user - submitted a form on the Internet but received an unexpected response shown below Server Error in "/" Application Runtime error in script on asp.net version 2.0 Which of the following controls should be put in place to prevent Mal from






33. Which of the following ports would be blocked if Mal - a security administrator - wants to deny access to websites?






34. Which of the following is a feature of Kerberos?






35. Starbuck - an IT security technician working at a bank - has implemented encryption between two locations. Which of the following security concepts BEST exemplifies the protection provided by this example?






36. River Tam - an IT administrator - wants to protect a cluster of servers in a DMZ from zero day attacks. Which of the following would provide the BEST level of protection?






37. An example of a false negative






38. Which of the following is used to verify the identity of the sender of a signed email?






39. A data loss prevention strategy would MOST likely incorporate which of the following to reduce the risk associated with data loss?






40. The Chief Information Security Officer (CISO) tells the network administrator that a security company has been hired to perform a penetration test against their network. The security company asks the CISO which type of testing would be most beneficia






41. Which of the following describes the ability for a third party to verify the sender or recipient of a given electronic message during authentication?






42. Which of the following has a default port of 22?






43. Which of the following would MOST likely be implemented in order to prevent employees from accessing certain websites?






44. The corporate NIPS requires a daily download from its vendor with updated definitions in order to block the latest attacks. Which of the following describes how the NIPS is functioning?






45. Which of the following mitigates the risk of proprietary information being compromised?






46. Which of the following password policies is the MOST effective against a brute force network attack?






47. The accounting department needs access to network share A to maintain a number of financial reporting documents. The department also needs access to network share B in HR to view payroll documentation for cross-referencing items. River Tam - an admin






48. Which of the following practices reduces the attack surface of a wireless network?






49. Employees are reporting that they are receiving unusual calls from the help desk for the purpose of verifying their user credentials. Which of the following attack types is occurring?






50. Which of the following network devices will prevent port scans?