Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. With which of the following is RAID MOST concerned?






2. You are determining environmental control requirements for a data center that will contain several computers? What is the role of an HVAC system in this environment?






3. Which of the following should be performed on a computer to protect the operating system from malicious software?






4. Upper management decides which risk to mitigate based on cost. This is an example of:






5. An attacker forces a Windows service that uses the Local System account as its service account to crash. The attacker is able to access administrator-level resources as a result. What kind of attack is this?






6. What port does the Domain Name Service (DNS) use by default?






7. A security engineer is troubleshooting a server which cannot be reached from the Internet or the internal network. All other servers on the DMZ are able to communicate with this server. Which of the following is the MOST likely cause?






8. The detection of a NOOP sled is an indication of which of the following attacks?






9. An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?






10. What is the term used to describe the type of FTP access in which the user does not have permissions to list the content of directories but can access the contents if he knows the path and file name?






11. Which environmental control is part of TEMPEST compliance?






12. Which of the following should a security administrator implement to prevent users from disrupting network connectivity if a user connects both ends of a network cable to different switch ports?






13. User in your department complain about a slow Internet connection. You monitor the external interface of your company's border router and notice a huge mount of half-open TCP connections. What type of attack is your company currently a victim of?






14. Which of the following devices would allow a technician to view IP headers on a data packet?






15. Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer?






16. Which of the following is MOST relevant to a buffer overflow attack?






17. What types of encryption are used for adding a digital signature to a message?






18. Which of the following port numbers is used for SCP by default?






19. A system administrator could have a user level account and an administrator account to prevent:...






20. Which of the following protocols should be blocked at the network perimeter to prevent host enumeration by sweep devices?






21. Which of the following risks may result from improper use of social networking and P2P software?






22. A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability?






23. Which of the following is true regarding the WTLS protocol?






24. An application log shows that the text 'test; rm -rf /etc/passwd' was entered into an HTML form. Which of the following describes the type of attack that was attempted?






25. Which of the following reduces the likelihood of a single point of failure when a server fails?






26. Which of the following is true concerning email message encryption by using S/MIME?






27. Applying detailed instructions to manage the including allowing or denying traffic based on port - protocol - address - or direction is an implementation of which of the following?






28. Your daily bandwidth monitoring report of your Internet connection shows an excessive amount of outgoing traffic on port 25. You have seen peaks in the reports before but this report shows many peaks outside office times. What should you do?






29. Recovery Point Objectives and Recovery Time Objectives directly relate to which of the following BCP concepts?






30. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?






31. A security administrator needs to separate two departments. Which of the following would the administrator implement to perform this?






32. A critical system in the datacenter is not connected to a UPS. The security administrator has coordinated an authorized service interruption to resolve this issue. This is an example of which of the following?






33. Which of the following is BEST used to prevent ARP poisoning attacks across a network?






34. Which of the following cloud computing concepts is BEST described as providing an easy-to configure OS and on-demand computing for customers?






35. A bulk update process fails and writes incorrect data throughout the database. Which of the following concepts describes what has been compromised?






36. Which of the following BEST describes the proper method and reason to implement port security?






37. Your organization has an existing server and you want to add a hardware device to provide encryption capabilities. What is the easiest way to accomplish this?






38. A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?






39. Which of the following is used for exchanging secret keys over an insecure public network?






40. Which of the following is MOST likely to be the last rule contained on any firewall?






41. Which of the following are the default ports for HTTP and HTTPS protocols?






42. Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?






43. Which of the following attacks is BEST described as the interruption of network traffic accompanied by the insertion of malicious code?






44. Which of the following threats corresponds with an attacker targeting specific employees of a company?






45. You installed a new e-commerce application on your web server that will allow your company to take orders from their website. You want to ensure that information that customers enter into their web browser is sent securely to the web server. Which of






46. A user reports that their 802.11n capable interface connects and disconnects frequently to an access point that was recently installed. The user has a Bluetooth enabled laptop. A company in the next building had their wireless network breached last m






47. Which of the following is used when performing a quantitative risk analysis?






48. Webmail is classified under which of the following cloud-based technologies?






49. What is the term used to describe the type of attack where a DNS server accepts and uses incorrect information from a host that does not have authority to supply that information?






50. The security administrator is getting reports from users that they are accessing certain websites and are unable to download anything off of those sites. The security administrator is also receiving several alarms from the IDS about suspicious traffi