Test your basic knowledge |

Comptia Security +: Cyber Ops

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which of the following can Mal - an administrator - use to verify that a downloaded file was not corrupted during the transfer?






2. Which of the following security tools can Starbuck - an administrator - implement to mitigate the risks of theft?






3. Mal is reporting an excessive amount of junk mail on the network email server. Which of the following would ONLY reduce the amount of unauthorized mail?






4. Jayne - a systems security engineer - is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate - has a server side certificate - and uses TLS






5. Which of the following controls mitigates the risk of Jayne - an attacker - gaining access to a company network by using a former employee's credential?






6. Which of the following BEST explains the security benefit of a standardized server image?






7. Which of the following techniques floods an application with data in an attempt to find vulnerabilities?






8. Which of the following commands can Jayne - an administrator - use to create a forensically sound hard drive image?






9. Which of the following are security relevant policies?






10. Which of the following is BEST utilized to actively test security controls on a particular system?






11. The Chief Information Security Officer (CISO) tells the network administrator that a security company has been hired to perform a penetration test against their network. The security company asks the CISO which type of testing would be most beneficia






12. Which of the following protocols provides Mal - an administrator - with the HIGHEST level of security for device traps?






13. Which of the following attacks is characterized by River Tam attempting to send an email from a Chief Information Officer's (CIO's) non-corporate email account to an IT staff member in order to have a password changed?






14. The IT Security Department has completed an internal risk assessment and discovered the use of an outdated antivirus definition file. Which of the following is the NEXT step that management should take?






15. Which of the following will help Jayne - an administrator; mitigate the risk of static electricity?






16. Which of the following is the MOST important security requirement for mobile devices storing PII?






17. Jayne - a security administrator - has noticed that the website and external systems have been subject to many attack attempts. To verify integrity of the website and critical files - Jayne should






18. Which of the following are restricted to 64-bit block sizes?






19. Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?






20. Which of the following security controls enforces user permissions based on a job role?






21. When reviewing a digital certificate for accuracy - which of the following would Jayne - a security administrator - focus on to determine who affirms the identity of the certificate owner?






22. Which of the following is a best practice when securing a switch from physical access?






23. To mitigate the adverse effects of network modifications - which of the following should Jayne - the security administrator - implement?






24. Starbuck - a security administrator - has completed the imaging process for 20 computers that were deployed. The image contains the operating system and all required software. Which of the following is this an example of?






25. Which of the following security concepts establishes procedures where creation and approval are performed through distinct functions?






26. Which of the following reduces the likelihood of a single point of failure when a server fails?






27. Which of the following implements two factor authentication based on something you know and something you have?






28. In the event of a mobile device being lost or stolen - which of the following BEST protects against sensitive information leakage?






29. Which of the following combinations represents multifactor authentication?






30. River Tam - a security administrator - is noticing a slow down in the wireless network response. River Tam launches a wireless sniffer and sees a large number of ARP packets being sent to the AP. Which of the following type of attacks is underway?






31. Which of the following is based on X.500 standards?






32. Traffic has stopped flowing to and from the company network after the inline IPS hardware failed. Which of the following has occurred?






33. Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?






34. Which of the following should River Tam - a security technician - perform as the FIRST step when creating a disaster recovery plan for a mission critical accounting system?






35. Which of the following is where an unauthorized device is found allowing access to a network?






36. An SQL injection vulnerability can be caused by which of the following?






37. 3DES is created when which of the following scenarios occurs?






38. Starbuck - an IT security technician working at a bank - has implemented encryption between two locations. Which of the following security concepts BEST exemplifies the protection provided by this example?






39. River Tam - the security engineer - has discovered that a breach is in progress on a non-production system of moderate importance. Which of the following should River Tam collect FIRST?






40. Which of the following allows Mal - a security technician - to prevent email traffic from entering the company servers?






41. Which of the following ports should be open in order for River Tam and Mal - users - to identify websites by domain name?






42. Which of the following network devices will prevent port scans?






43. Which of the following is similar to a smurf attack - but uses UDP instead to ICMP?






44. Which of the following security tools can Starbuck - a security administrator - use to deter theft?






45. Which of the following malware types is MOST commonly associated with command and control?






46. Jayne - a system administrator - wants to establish a nightly available SQL database. Which of the following would be implemented to eliminate a single point of failure in storage and servers?






47. Which of the following is used by Jayne - a security administrator - to lower the risks associated with electrostatic discharge - corrosion - and thermal breakdown?






48. Starbuck - a VPN administrator - was asked to implement an encryption cipher with a MINIMUM effective security of 128-bits. Which of the following should Starbuck select for the tunnel encryption?






49. A valid server-role in a Kerberos authentication system






50. Which of the following would help Mal - an administrator - prevent access to a rogue access point connected to a switch?