Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Two systems are being designed. System A has a high availability requirement. System B has a high security requirement with less emphasis on system uptime. Which of the following configurations BEST fits the need for each system?






2. You are designing a Web-based application. You design the application so that it runs under a security context that allows only those privileges required for the application to run to minimize risk in the event of an attack. This is an example of whi






3. Which of the following protocols should be blocked at the network perimeter to prevent host enumeration by sweep devices?






4. Which of the following is a best practice when securing a switch from physical access?






5. Which of the following tools provides the ability to determine if an application is transmitting a password in clear-text?






6. What key is used to encrypt an HTTPS session?






7. A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?






8. When examining HTTP server logs the security administrator notices that the company's online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?






9. Which of the following devices would allow a technician to view IP headers on a data packet?






10. While browsing the Internet an administrator notices their browser behaves erratically - appears to download something - and then crashes. Upon restarting the PC - the administrator notices performance is extremely slow and there are hundreds of outb






11. An application log shows that the text 'test; rm -rf /etc/passwd' was entered into an HTML form. Which of the following describes the type of attack that was attempted?






12. You are designing a secure application environment. You need to ensure that data is kept as secure as possible. You need to select the strictest access control model. What access control model should you use?






13. On-going annual awareness security training should be coupled with:..






14. Which of the following would be the BEST action to perform when conducting a corporate vulnerability assessment?






15. What fire suppression method should be used to extinguish an electrical fire in one of the racks in the server room?






16. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control which of the following data types will be unavailable for later investigation?






17. You want to improve security for remote administration to several Linux web servers on the Internet. The data as well as the authentication process needs to be encrypted. Which of the following should you do?






18. Which of the following risks may result from improper use of social networking and P2P software?






19. Used in conjunction which of the following are PII?






20. What is the term used to describe the type of attack where a DNS server accepts and uses incorrect information from a host that does not have authority to supply that information?






21. What are typical elements of authentication as part of physical access controls?






22. Which of the following is a method to prevent ad-hoc configuration mistakes?






23. Which of the following is a security control that is lost when using cloud computing?






24. A security administrator is in charge of a a hot site and a cold site. Due to a recent disaster - the administrator needs to ensure that their cold site is ready to go in case of a disaster. Which of the following does the administrator need to ensur






25. Which of the following is the MOST secure method of utilizing FTP?






26. An attacker forces a Windows service that uses the Local System account as its service account to crash. The attacker is able to access administrator-level resources as a result. What kind of attack is this?






27. What is the term used to describe the type of FTP access in which the user does not have permissions to list the content of directories but can access the contents if he knows the path and file name?






28. Separating of duties is valuable in deterring?






29. Which of the following BEST describes the proper method and reason to implement port security?






30. Applying detailed instructions to manage the including allowing or denying traffic based on port - protocol - address - or direction is an implementation of which of the following?






31. Which of the following facilitates computing for heavily utilized systems and networks?






32. Which of the following security threats does shredding mitigate?






33. The server log shows 25 SSH login sessions it is a large company and the administrator does not know if this is normal behavior or if the network is under attack. Where should the administrator look to determine if this is normal behavior?






34. Which of the following describes the purpose of chain of custody as applied to forensic image retention?






35. Which of the following is the default rule found in a corporate firewall's access control list?






36. Which of the following are important physical security considerations when choosing a location for a new remote branch office?






37. A security administrator finished taking a forensic image of a computer's memory. Which of the following should the administrator do to ensure image integrity?






38. Your organization has an existing server and you want to add a hardware device to provide encryption capabilities. What is the easiest way to accomplish this?






39. What is the advantage of using application virtualization?






40. Users of specific systems are reporting that their data has been corrupted. After a recent patch update to those systems the users are still reporting issues of data being corrupt. Which of the following assessment techniques need to be performed to






41. You want to setup a secure method of sending and receiving email. Which two of the following protocols can be used for this purpose?






42. Which of the following is a technique designed to obtain information from a specific person?






43. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?






44. Users in your company use a smart card and fingerprint scan to authenticate to the network. Which of the following authentication methods is used in your company?






45. You are performing risk assessment for an organization. What should you do during impact assessment?






46. Which of the following environmental controls would BEST be used to regulate cooling within a datacenter?






47. Which of the following describes when forensic hashing should occur on a drive?






48. Which of the following threats corresponds with an attacker targeting specific employees of a company?






49. Which of the following should be performed on a computer to protect the operating system from malicious software?






50. Which of the following may cause a user connected to a NAC-enabled network - to not be prompted for credentials?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183