Test your basic knowledge | CompTIA Security+ Exam
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?
Privacy policy
Add input validation to forms.
DoS
Implicit deny
2. During the analysis of malicious code a security analyst discovers JavaScript being used to send random data to another service on the same system. This is MOST likely an example of which of the following?
Loop protection
Buffer overflow
Principle of least privilege
S/MIME PGP
3. What is the term used to describe the type of attack where a DNS server accepts and uses incorrect information from a host that does not have authority to supply that information?
DNS spoofing
Confidentiality - Availability
IPSec
extremely slow and numerous antivirus alerts
4. What key is used to encrypt an HTTPS session?
Lets you minimize the attack surface relating to the application
Tailgating
Symmetric
ACLs
5. Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks?
Load balancer
Ensure a proper chain of custody
Clean desk policy
Steganography
6. Applying detailed instructions to manage the flow of network traffic at the edge of the network including allowing or denying traffic based on port - protocol - address - or direction is an implementation of which of the following?
Botnet
NIPS is blocking activities from those specific websites.
Firewall rules
Security guard - Proximity reader
7. Which of the following BEST describes the proper method and reason to implement port security?
Clustering
Dumpster diving
EMI shielding
Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.
8. Which of the following is MOST likely to be the last rule contained on any firewall?
SSL
content inspection.
Accountability
Implicit deny
9. A security administrator finished taking a forensic image of a computer's memory. Which of the following should the administrator do to ensure image integrity?
Change Management System
Run the image through SHA256.
Disable unused services - Update HIPS signatures
To ensure that staff understands what data they are handling and processing
10. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control server. If the computer is powered off which of the following data types will be unavailable for later investigation?
Off-site backup
Memory - network processes - and system processes
Firewall - VPN
Fiber optic
11. Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?
IDS
The new access point was mis-configured and is interfering with another nearby access point.
Provider cloud
escalation of privileges.
12. Which of the following is a detective security control?
A worm is self-replicating
CCTV
MAC filtering - Disabled SSID broadcast
Social Engineering attack
13. Which of the following describes the purpose of chain of custody as applied to forensic image retention?
Bluesnarfing
To provide documentation as to who has handled the evidence
CCTV
1433
14. You have several computers that use the NTLM authentication protocol for client authentication. Network policy requires user passwords with at least 16 characters. What hash algorithm is used for password authentication?
IPv6
MD5
Mandated security configurations have been made to the operating system.
DNS spoofing
15. Two systems are being designed. System A has a high availability requirement. System B has a high security requirement with less emphasis on system uptime. Which of the following configurations BEST fits the need for each system?
WPA2-PSK
System A fails open. System B fails closed.
Confidentiality
TLS
16. A security administrator is tasked with revoking the access of a terminated employee. Which of the following account policies MUST be enacted to ensure the employee no longer has access to the network?
CAC
80 - 443
Account disablement
NIDS
17. Which of the following is the BEST choice for encryption on a wireless network?
VPN concentrator
WPA2-PSK
Risk transference
content inspection.
18. Which of the following describes when forensic hashing should occur on a drive?
Polymorphic
IDS
mitigation - acceptance - transference
Before and after the imaging process and then hash the forensic image
19. You are performing risk assessment for an organization. What should you do during impact assessment?
Determine the potential monetary costs related to a threat
Buffer overflow
Organize data based on severity and asset value.
Implicit deny
20. Which environmental control is part of TEMPEST compliance?
Gas
DNS spoofing
Shielding
Confidentiality
21. Which of the following manages peer authentication and key exchange for an IPSec connection?
The PC has become part of a botnet.
System A fails open. System B fails closed.
Mandatory vacation
IKE
22. NIDS can also be used to help identify...
smurf attacks
Least privilege
Evil twin
Asymmetric and Hashing
23. Which of the following is a reason to perform user awareness and training?
To minimize the organizational risk posed by users
Shoulder surfing
SYN attacks
Humidity
24. A remote office is reporting they are unable to access any of the network resources from the main office. The security administrator realizes the error and corrects it. The administrator then tries to ping the router at the remote office and receives
Physical control of the data
Add input validation to forms.
Data Encryption Standard (DES)
The remote router has ICMP blocked.
25. A company that purchases insurance to reduce risk is an example of which of the following?
MAC
Risk transference
Check if relaying is denied for unauthorized domains
Shoulder surfing
26. A new enterprise solution is currently being evaluated due to its potential to increase the company's profit margins. The security administrator has been asked to review its security implications. While evaluating the various vulnerability scans were
Virtual servers have the same information security requirements as physical servers.
Risk assessment
Organize data based on severity and asset value.
Availability
27. What fire suppression method should be used to extinguish an electrical fire in one of the racks in the server room?
Gas
Implicit deny
1433
Disable unused services - Update HIPS signatures
28. Which of the following protocols requires the use of a CA based authentication process?
80 - 443
Phishing techniques
PEAP-TLS
DMZ
29. Upper management decides which risk to mitigate based on cost. This is an example of:
quantitative risk assessment
MD5
Virtual servers have the same information security requirements as physical servers.
Principle of least privilege
30. The 802.11i standard specifies support for which encryption algorithms?
AES and TKIP
Fraud
Ensure a proper chain of custody
Use SSH to connect to the Linux shell
31. Which of the following is MOST relevant to a buffer overflow attack?
Cross-site scripting
War driving
The remote router has ICMP blocked.
NOOP instructions
32. When examining HTTP server logs the security administrator notices that the company's online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?
Implicit deny
DoS
80 - 443
PEAP-TLS
33. Which of the following would need to be configured correctly to allow remote access to the network?
ACLs
1433
Footprinting
Spear phishing
34. Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer?
Principle of least privilege
Clean desk policy
MAC filtering - Disabled SSID broadcast
Forward to different RDP listening ports.
35. Which of the following MUST a programmer implement to prevent cross-site scripting?
Validate input to remove hypertext
WPA2
WPA2-PSK
Change Management System
36. Which of the following is the MOST likely cause of a single computer communicating with an unknown IRC server and scanning other systems on the network?
Virtual servers have the same information security requirements as physical servers.
Botnet
25
The remote router has ICMP blocked.
37. You are designing a secure application environment. You need to ensure that data is kept as secure as possible. You need to select the strictest access control model. What access control model should you use?
MAC
War driving
By masking the IP address of internal computers from the Internet
The development team is transferring data to test systems using SFTP and SCP.
38. Performing routine security audits is a form of which of the following controls?
Lets you minimize the attack surface relating to the application
Baseline reporting
Detective
Humidity
39. The security administrator notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likel
The development team is transferring data to test systems using SFTP and SCP.
MS-CHAP
AES and TKIP
Cognitive passwords
40. What are typical elements of authentication as part of physical access controls?
WPA2-PSK
HSM
ID badges
Content filtering
41. Which of the following should be considered when trying to prevent somebody from capturing network traffic?
Mandated security configurations have been made to the operating system.
Content filtering
EMI shielding
Hot and cold aisles
42. Which of the following logical controls does a flood guard protect against?
Provider cloud
Validate input to remove hypertext
PEAP-TLS
SYN attacks
43. Which of the following is true concerning email message encryption by using S/MIME?
Rootkit
Rogue access point
Only the message data is encrypted
Baseline reporting
44. You want to improve security for remote administration to several Linux web servers on the Internet. The data as well as the authentication process needs to be encrypted. Which of the following should you do?
Firewall - VPN
SSH - SCP - and SFTP (the MOST secure method to transfer files from a host machine)
Use SSH to connect to the Linux shell
Risk assessment
45. A network consists of various remote sites that connect back to two main locations. The security administrator needs to block TELNET access into the network. Which of the following by default - would be the BEST choice to accomplish this goal?
Block port 23 on the network firewall.
Fiber optic
Integrity
IPSec
46. Which of the following are the default ports for HTTP and HTTPS protocols?
Gas
IDEA and TripleDes
80 - 443
By masking the IP address of internal computers from the Internet
47. Which of the following is the default rule found in a corporate firewall's access control list?
Deny all
The web site's private key.
Asymmetric and Hashing
WPA2-PSK
48. A security administrator performs several war driving routes each month and recently has noticed a certain area with a large number of unauthorized devices. Which of the following attack types is MOST likely occurring?
VPN concentrator
Mandatory vacations
Rogue access points
MAC
49. Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?
SSH
IDS
Block port 23 on the network firewall.
CCTV
50. Which solution should you use?
It is used to provide data encryption for WAP connections.
Use file servers attached to an NAS system.
Mantrap
25