SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
Comptia Security +: Cyber Ops
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Starbuck - the administrator - is tasked with deploying a strong encryption cipher. Which of the following ciphers would she be the LEAST likely to choose?
Antenna placement; Power-level control
Port scan
Install both the private and the public key on the web server.
Two fish
2. River Tam - a security administrator - suspects that a web server may be under attack. The web logs have several entries containing variations of the following entries: 'or 1=1-- or1'=1-- 'or1=1'
NIPS
The IDS does not identify a buffer overflow
Non-repudiation
SQL injection
3. A company notices that there is a flaw in one of their proprietary programs that the company runs in-house. The flaw could cause damage to the HVAC system. Which of the following would the company transfer to an insurance company?
Mandatory vacations
Worm outbreak
Penetration testing
Risk
4. Marketing creates a new folder and requests the following access be assigned: Sales Department - Read Marketing Department - Full Control Inside Sales - Read Write This is an example of which of the following?
80
RBAC
UDP 53
Passive finger printing
5. River Tam - an attacker - is recording a person typing in their ID number into a keypad to gain access to the building. River Tam then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the follow
Impersonation
NIPS
PII handling
SSH
6. Jayne - the security administrator - notices a spike in the number of SQL injection attacks against a web server connected to a backend SQL database. Which of the following practices should be used to prevent an application from passing these attacks
VLAN mismatch is occurring.
Encrypt all confidential data.
Mandatory access control
Input validation
7. Which of the following network solutions would BEST allow Starbuck - a security technician - to host an extranet application for her company?
Software as a Service
Dictionary; Brute force
Dual-homing a server
Separation of duties
8. While conducting a network audit - River Tam - a security administrator - discovers that most clients are routing their network traffic through a desktop client instead of the company router. Which of the following is this attack type?
Input validation
ARP poisoning
Impersonation
Logic bomb
9. Which of the following elements makes up the standard equation used to define risk?
Evil twin
Vishing
Impact; Likelihood
Fail state of the system
10. Account lockout is a mitigation strategy used by Starbuck - the administrator - to combat which of the following attacks?
Confidentiality
Vishing
Dictionary; Brute force
SSH
11. Mal - a security engineer - is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally - the MAC addresses of all five servers appear on th
Port scanner
Change management
Antenna placement; Power-level control
The system is virtualized
12. Which of the following is BEST associated with PKI?
Cable locks
Private key
Subnetting
Confidentiality
13. Starbuck has a vendors server in-house for shipping and receiving. She wants to ensure that if the server goes down that the server in-house will be operational again within 24 hours. Which of the following should Starbuck define with the vendor?
Port scanner
Port scan
CA
Mean time to restore
14. Which of the following is BEST described by a scenario where organizational management chooses to implement an internal Incident Response Structure for the business?
Key escrow
Mitigation
Protocol analyzers
Antenna placement; Power-level control
15. Which of the following should be implemented to restrict wireless access to the hardware address of a NIC?
Detective
Software as a Service
MAC filtering
Zero day
16. Which of the following is the MOST secure protocol for Mal - an administrator - to use for managing network devices?
Create file hashes for website and critical system files - and compare the current file hashes to the baseline at regular time intervals.
SSH
The security company is provided with no information about the corporate network or physical locations.
Impersonation
17. Which of the following reduces the likelihood of a single point of failure when a server fails?
Succession planning
Clustering
Humidity controls
Log reviews
18. Mal - the security administrator - is implementing a web content fitter. Which of the following is the MOST important design consideration in regards to availability?
Impact; Likelihood
Deploy an anti-spam device to protect the network.
Fail state of the system
21
19. Which of the following is a reason why Mal - a security administrator - would implement port security?
Change management
Single sign-on
22
To limit the number of endpoints connected through the same switch port
20. River Tam - an administrator - suspects a denial of service attack on the network - but does not know where the network traffic is coming from or what type of traffic it is. Which of the following would help River Tam further assess the situation?
Protocol analyzer
Anti-spam
P2P
Change management
21. Which of the following attacks would be used if River Tam - a user - is receiving unwanted text messages?
Blue jacking
RAS
VLAN mismatch is occurring.
Cable locks
22. Which of the following is the BEST solution to securely administer remote servers?
Port scan
Mitigate risk and develop a maintenance plan.
SSH
MD5 checksum
23. Which of the following data loss prevention strategies mitigates the risk of replacing hard drives that cannot be sanitized?
Vulnerability scan
NAC
TACACS+
Full disk encryption
24. Which of the following accurately describes the STRONGEST multifactor authentication?
Impact; Likelihood
Failsafe
Full disk encryption
Something you are - something you have
25. Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?
Loop protection
The security company is provided with no information about the corporate network or physical locations.
Fail state of the system
Clean desk policy
26. Which of the following are restricted to 64-bit block sizes?
CA
The system is virtualized
Firewall
DES;3 DES
27. Which of the following security tools can Starbuck - an administrator - implement to mitigate the risks of theft?
Antenna placement; Power-level control
22
RAID 5 and a storage area network
Device encryption
28. Which of the following implements two factor authentication based on something you know and something you have?
RAID 5 and a storage area network
Private key
Social engineering
The system shall require users to authenticate to the system with a combination of a password or PIN and a smartcard
29. Mal - a user - submitted a form on the Internet but received an unexpected response shown below Server Error in "/" Application Runtime error in script on asp.net version 2.0 Which of the following controls should be put in place to prevent Mal from
Cipher lock combination and proximity badge
Fail state of the system
Error handling
Account lockout
30. Which of the following describes the ability for a third party to verify the sender or recipient of a given electronic message during authentication?
Device encryption
Non-repudiation
Information classification policy; Network access policy; Auditing and monitoring policy
RAS
31. Which of the following network devices will prevent port scans?
Penetration testing
Firewall
Mandatory access control
Mandatory vacations
32. A company needs to remove sensitive data from hard drives in leased computers before the computers are returned to the supplier. Which of the following is the BEST solution?
Sanitization using appropriate software
Impersonation
AP power levels
Improper input validation
33. Which of the following BEST allows Mal - a security administrator - to determine the type - source - and flags of the packet traversing a network for troubleshooting purposes?
Rootkit
Protocol analyzers
Risk
NIPS
34. River Tam - a forensic investigator - believes that the system image she was presented with is not the same as the original source. Which of the following should be done to verify whether or not the image has been tampered with?
RAID 5 and a storage area network
Risk
Cipher lock combination and proximity badge
Compare hashes of the original source and system image.
35. Mal - the Chief Executive Officer (CEO) of a company - has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete?
Cipher lock combination and proximity badge
Succession planning
Update the CRL; Deploy OCSP
UDP 53
36. Which of the following should Mal - an administrator - use to verify the integrity of a downloaded file?
Memory dump - ARP cache
MD5
Risk
Mandatory vacations
37. While traveling Jayne - an employee - decides he would like to download some new movies onto his corporate laptop. While installing software designed to download movies from multiple computers across the Internet. Jayne agrees to share portions of hi
PGP
Memory dump - ARP cache
P2P
Software as a Service
38. Starbuck - a security administrator - has completed the imaging process for 20 computers that were deployed. The image contains the operating system and all required software. Which of the following is this an example of?
Deploying and using a trusted OS
Personal firewall
Separation of duties
Account lockout
39. Which of the following would Mal - a security administrator - change to limit how far a wireless signal will travel?
Power levels
Validate the identity of an email sender;Encrypt messages;Decrypt messages
dcfldd
Remotely initiate a device wipe
40. Which of the following open standards should Mal - a security administrator - select for remote authentication of users?
Risk
Shoulder surfing
RADIUS
Application hardening
41. Mal - a security administrator - would like to implement laptop encryption to protect data. The Chief Executive Officer (CEO) believes this will be too costly to implement and decides the company will purchase an insurance policy instead. Which of th
Ticket granting server
Risk avoidance
To limit the number of endpoints connected through the same switch port
Vulnerability scan
42. Which of the following authentication protocols forces centralized wireless authentication?
Impersonation
WPA2-Enterprise
Risk avoidance
Passive finger printing
43. Which of the following will help Jayne - an administrator; mitigate the risk of static electricity?
Cross-site scripting
Humidity controls
River Tam - the attacker - overwhelms a system or application - causing it to crash and bring the server down to cause an outage.
Device encryption
44. River Tam - a security guard - reports that the side of the company building has been marked with spray paint. Which of the following could this be an example of?
Loop protection
Single sign-on
80
War chalking
45. Which of the following functions of a firewall allows Mal - an administrator - to map an external service to an internal host?
TACACS+; SSH
Port forwarding
22
Temperature and humidity controls
46. To mitigate the adverse effects of network modifications - which of the following should Jayne - the security administrator - implement?
Sanitization using appropriate software
Change management
ARP poisoning
Something you are - something you have
47. Which of the following are security relevant policies?
Ticket granting server
WPA2-Enterprise
Information classification policy; Network access policy; Auditing and monitoring policy
Software as a Service
48. Starbuck's - a user - word processing software is exhibiting strange behavior - opening and closing itself at random intervals. There is no other strange behavior on the system. Which of the following would mitigate this problem in the future?
Protocol analyzer
Install application updates
Device encryption
Proxy server
49. When integrating source material from an open source project into a highly secure environment - which of the following precautions should prevent hidden threats?
Account expiration
Two fish
Code review
Deploy an anti-spam device to protect the network.
50. Which of the following security tools can Starbuck - a security administrator - use to deter theft?
AP power levels
Cable locks
WPA2-PSK
Software as a Service