SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Cyber Ops
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. When used alone - which of the following controls mitigates the risk of River Tam - an attacker - launching an online brute force password attack?
ARP poisoning
Vulnerability scan
Account lockout
Business impact assessment
2. Which of the following could River Tam - an administrator - use in a workplace to remove sensitive data at rest from the premises?
Personally owned devices
GSM phone card and PIN
Log reviews
Temperature and humidity controls
3. Which of the following is the MOST secure protocol for Mal - an administrator - to use for managing network devices?
SSH
Fail state of the system
Cable locks
Penetration test
4. Social networking sites are used daily by the marketing team for promotional purposes. However - confidential company information - including product pictures and potential partnerships - have been inadvertently exposed to the public by dozens of emp
Mandate additional security awareness training for all employees.
Something you are
Failsafe
Cipher lock combination and proximity badge
5. Jayne - a security administrator - is responsible for provisioning role-based user accounts in an enterprise environment. A user has a temporary business need to perform multiple roles within the organization. Which of the following is the BEST solut
PEAP-MSCHAPv2
Assign multiple roles to the existing user ID
Software as a Service
RAID 5 and a storage area network
6. Mal - a user - submitted a form on the Internet but received an unexpected response shown below Server Error in "/" Application Runtime error in script on asp.net version 2.0 Which of the following controls should be put in place to prevent Mal from
Mandatory access control
Error handling
Protocol analyzers
Continuous monitoring
7. Mal - a network administrator - implements the spanning tree protocol on network switches. Which of the following issues does this address?
Port scan
Spam filter
Loop protection
Risk avoidance
8. Which of the following security tools can Starbuck - an administrator - implement to mitigate the risks of theft?
ARP poisoning
Deploying and using a trusted OS
Device encryption
Group based privileges
9. Which of the following are restricted to 64-bit block sizes?
Separation of duties
MAC filtering
DES;3 DES
Change management
10. An SQL injection vulnerability can be caused by which of the following?
Proxies
Update the CRL; Deploy OCSP
PII handling
Improper input validation
11. Which of the following allows active exploitation of security vulnerabilities on a system or network for the purpose of determining true impact?
Penetration testing
Separation of duties
Device encryption
Encrypt all confidential data.
12. Which of the following malware types is MOST likely to execute its payload after Starbuck - an employee - has left the company?
Memory dump - ARP cache
The IDS does not identify a buffer overflow
E-discovery
Logic bomb
13. Which of the following would be the BEST reason for Starbuck - a security administrator - to initially select individual file encryption over whole disk encryption?
Deploy an anti-spam device to protect the network.
Rootkit
It is faster to encrypt an individual file.
Mandated security configurations have been made to the operating system.
14. Which of the following is where an unauthorized device is found allowing access to a network?
Clean desk policy
RAS
Rogue access point
Verify the user's identity
15. Which of the following ports would be blocked if Mal - a security administrator - wants to deny access to websites?
80
TPM
CRL
Improper input validation
16. Which of the following commands can Jayne - an administrator - use to create a forensically sound hard drive image?
Proxies
Non-repudiation
dcfldd
Signature based
17. River Tam - an attacker - calls the company's from desk and tries to gain insider information by providing specific company information to gain the attendant's trust. The front desk immediately alerts the IT department about this incident. This is an
Ask the programmer to replicate the problem in a test environment.
Server-side input validation results in a more secure system than client-side input validation.
Impersonation
Install application updates
18. Which of the following risks could IT management be mitigating by removing an all-in-one device?
Rogue access point
Device encryption
Server-side input validation results in a more secure system than client-side input validation.
Single point of failure
19. Which of the following should River Tam - a security technician - perform as the FIRST step when creating a disaster recovery plan for a mission critical accounting system?
It is faster to encrypt an individual file.
Notify security to identify employee's whereabouts.
Business impact assessment
Single point of failure
20. Which of the following is an attack where Mal spreads USB thumb drives throughout a bank's parking lot in order to have malware installed on the banking systems?
Impersonation
Firewall
Social engineering
Something you are
21. Which of the following attacks would be used if River Tam - a user - is receiving unwanted text messages?
Public key
The security company is provided with no information about the corporate network or physical locations.
Blue jacking
Fraggle attack
22. While traveling Jayne - an employee - decides he would like to download some new movies onto his corporate laptop. While installing software designed to download movies from multiple computers across the Internet. Jayne agrees to share portions of hi
Install application updates
P2P
Shoulder surfing
IPS
23. The human resources department of a company has requested full access to all network resources - including those of the financial department. Starbuck - the administrator - denies this - citing...
War chalking
Firewall
Separation of duties
Rogue access point
24. In the event of a mobile device being lost or stolen - which of the following BEST protects against sensitive information leakage?
Port forwarding
PII handling
Trust model
Remote wipe
25. River Tam - the software security engineer - is trying to detect issues that could lead to buffer overflows or memory leaks in the company software. Which of the following would help River Tam automate this detection?
Fail state of the system
Single sign-on
Cable locks
Fuzzing
26. Which of the following is a best practice when securing a switch from physical access?
Disable unused ports
PGP
Full disk
Gray box
27. When integrating source material from an open source project into a highly secure environment - which of the following precautions should prevent hidden threats?
PEAP-MSCHAPv2
Verify the user's identity
Code review
Log reviews
28. Which of the following is BEST associated with PKI?
Sanitization using appropriate software
Host based firewall
Private key
NIPS
29. The log management system at Company A is inadequate to meet the standards required by their corporate governance team. A new automated log management system has been put in place. This is an example of which of the following?
Trust model
Integrity
Deploying and using a trusted OS
Continuous monitoring
30. River Tam - a security guard - reports that the side of the company building has been marked with spray paint. Which of the following could this be an example of?
Change management
Public key
War chalking
The IDS does not identify a buffer overflow
31. Which of the following security concepts establishes procedures where creation and approval are performed through distinct functions?
SNMPv3
Signature based
Remote data wipe
Separation of duties
32. When reviewing a digital certificate for accuracy - which of the following would Jayne - a security administrator - focus on to determine who affirms the identity of the certificate owner?
Something you are
Use Starbuck's private key to sign the binary
Impersonation
CA
33. Which of the following ports would be blocked if Mal - a security administrator - wants to disable FTP?
80
VLAN mismatch is occurring.
Fuzzing
21
34. Jayne's CRL is over six months old. Which of the following could Jayne do in order to ensure he has the current information?
GSM phone card and PIN
Mandatory access control
Update the CRL; Deploy OCSP
Clean desk policy
35. Starbuck has a vendors server in-house for shipping and receiving. She wants to ensure that if the server goes down that the server in-house will be operational again within 24 hours. Which of the following should Starbuck define with the vendor?
Accounting should be given read/write access to network share A and read access to network share B. River Tam should be given read access for the specific document on network share A.
NAC
Mean time to restore
Cross-site scripting
36. While River Tam is logging into the server from her workstation - she notices Mal watching her enter the username and password. Which of the following social engineering attacks is Mal executing?
Succession planning
Use Starbuck's private key to sign the binary
Information classification policy; Network access policy; Auditing and monitoring policy
Shoulder surfing
37. Which of the following elements makes up the standard equation used to define risk?
Shoulder surfing
Mitigation
RBAC
Impact; Likelihood
38. Which of the following procedures would be used to mitigate the risk of an internal developer embedding malicious code into a production system?
Trust model
CRL
WPA2-Enterprise
Change management
39. Which of the following attacks is characterized by River Tam attempting to send an email from a Chief Information Officer's (CIO's) non-corporate email account to an IT staff member in order to have a password changed?
Penetration testing
Impersonation
Remote wipe
IV attack
40. Mal - a security administrator - has configured and implemented an additional public intermediate CA. Which of the following must Mal submit to the major web browser vendors in order for the certificates - signed by this intermediate - to be trusted?
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
41. Employees are reporting that they are receiving unusual calls from the help desk for the purpose of verifying their user credentials. Which of the following attack types is occurring?
Cross-site scripting
LDAP
Vishing
Signature based
42. Starbuck - an administrator - is primarily concerned with blocking external attackers from gaining information on remote employees by scanning their laptops. Which of the following security applications is BEST suited for this task?
Personal firewall
Warm site
Continuous monitoring
Mitigate risk and develop a maintenance plan.
43. Jayne - a system administrator - wants to establish a nightly available SQL database. Which of the following would be implemented to eliminate a single point of failure in storage and servers?
Time of day restrictions;Access control lists
RAID 5 and a storage area network
Impersonation
Protocol analyzer
44. After setting up a root CA. which of the following can Mal - a security administrator - implement to allow intermediate CAs to handout keys and certificates?
Deploy an anti-spam device to protect the network.
Spam fitters
Trust model
RADIUS
45. Which of the following describes the ability for a third party to verify the sender or recipient of a given electronic message during authentication?
Cipher lock combination and proximity badge
MAC filtering
GSM phone card and PIN
Non-repudiation
46. The public key is used to perform which of the following?
Validate the identity of an email sender;Encrypt messages;Decrypt messages
Separation of duties
Continuous monitoring
Shoulder surfing
47. Which of the following are security relevant policies?
Server-side input validation results in a more secure system than client-side input validation.
Port scan
Information classification policy; Network access policy; Auditing and monitoring policy
Cross-site scripting
48. Starbuck - a security administrator - has completed the imaging process for 20 computers that were deployed. The image contains the operating system and all required software. Which of the following is this an example of?
Deploying and using a trusted OS
Zero day exploit
Personal firewall
RBAC
49. A company notices that there is a flaw in one of their proprietary programs that the company runs in-house. The flaw could cause damage to the HVAC system. Which of the following would the company transfer to an insurance company?
Risk
Ticket granting server
P2P
Update the CRL; Deploy OCSP
50. While conducting a network audit - River Tam - a security administrator - discovers that most clients are routing their network traffic through a desktop client instead of the company router. Which of the following is this attack type?
E-discovery
ARP poisoning
Ask the programmer to replicate the problem in a test environment.
Risk avoidance