Test your basic knowledge

CompTIA Security+ Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?






2. Which solution should you use?






3. A security firm has been engaged to assess a software application. A production-like test environment, login details, production documentation and source code have been provided. Which of the following types of testing is being described?






4. Which of the following attacks is NOT aimed at fragmentation vulnerabilities of the IP stack?






5. With which of the following is RAID MOST concerned?






6. A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check?






7. Users in your company use a smart card and fingerprint scan to authenticate to the network. Which of the following authentication methods is used in your company?






8. Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?






9. A system administrator could have a user level account and an administrator account to prevent:






10. Which of the following describes the purpose of chain of custody as applied to forensic image retention?






11. The 64-bit block cipher with 16 iterations giving a 56-bit key is called?






12. Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?






13. In order to provide flexible working conditions a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access?






14. A security engineer is troubleshooting a server which cannot be reached from the Internet or the internal network. All other servers on the DMZ are able to communicate with this server. Which of the following is the MOST likely cause?






15. Which of the following would need to be configured correctly to allow remote access to the network?






16. An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?






17. Which of the following tools provides the ability to determine if an application is transmitting a password in clear-text?






18. Which of the following logical controls does a flood guard protect against?






19. How a Trojan works: A user downloads a keygen to install pirated software. After running the keygen - system performance is ________________ are displayed.






20. Which of the following is a security control that is lost when using cloud computing?






21. Which of the following is a management control type?






22. Which of the following security threats does shredding mitigate?






23. Instead of giving a security administrator full the administrator is given rights only to review logs and update security related network devices. Additional rights are handed out to network administrators for the areas that fall within their job des






24. Which of the following is a reason to perform user awareness and training?






25. Which of the following environmental variables reduces the potential for static discharges?






26. Which of the following reduces the likelihood of a single point of failure when a server fails?






27. A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?






28. Which of the following is the primary difference between a virus and a worm?






29. Which of the following are accomplished when a message is digitally signed?






30. Ongoing annual awareness security training should be coupled with:






31. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?






32. A security administrator performs several war driving routes each month and recently has noticed a certain area with a large number of unauthorized devices. Which of the following attack types is MOST likely occurring?






33. Which of the following is true concerning email message encryption by using S/MIME?






34. Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?






35. During the analysis of malicious code a security analyst discovers JavaScript being used to send random data to another service on the same system. This is MOST likely an example of which of the following?






36. Which of the following facilitates computing for heavily utilized systems and networks?






37. Which of the following are the default ports for HTTP and HTTPS protocols?






38. A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability?






39. Your organization has an existing server and you want to add a hardware device to provide encryption capabilities. What is the easiest way to accomplish this?






40. A critical system in the datacenter is not connected to a UPS. The security administrator has coordinated an authorized service interruption to resolve this issue. This is an example of which of the following?






41. Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?






42. In which of the following locations would a forensic analyst look to find a hooked process?






43. The detection of a NOOP sled is an indication of which of the following attacks?






44. Which of the following is an unauthorized wireless router that allows access to a secure network?






45. When examining HTTP server logs the security administrator notices that the company's online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?






46. Which of the following includes a photo and can be used for identification?






47. Which of the following is a method to prevent ad-hoc configuration mistakes?






48. A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?






49. The security administrator is getting reports from users that they are accessing certain websites and are unable to download anything off of those sites. The security administrator is also receiving several alarms from the IDS about suspicious traffi






50. An administrator identifies a security issue on but does not attempt to exploit it. Which of the following describes what the administrator has done?