Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The security administrator notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likel






2. Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?






3. Which of the following is not an asymmetric system?






4. Data can potentially be stolen from a disk screen-lock protected - smartphone by which of the following?






5. How does a NAT server help protect your network?






6. Which of the following is specific to a buffer overflow attack?






7. Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?






8. Webmail is classified under which of the following cloud-based technologies?






9. A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check?






10. By default which of the following stops network traffic when the traffic is not identified in the firewall ruleset?






11. You want to setup a secure method of sending and receiving email. Which two of the following protocols can be used for this purpose?






12. You detected an intrusion and are taking the necessary steps to preserve the evidence. You want to make sure the evidence will be admissible in a court of law. What should you do?






13. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control which of the following data types will be unavailable for later investigation?






14. Your organization has an existing server and you want to add a hardware device to provide encryption capabilities. What is the easiest way to accomplish this?






15. Instead of giving a security administrator full the administrator is given rights only to review logs and update security related network devices. Additional rights are handed out to network administrators for the areas that fall within their job des






16. A bulk update process fails and writes incorrect data throughout the database. Which of the following concepts describes what has been compromised?






17. Which of the following is a reason to perform user awareness and training?






18. What principle dictates that a user is given no more privilege necessary than that required to preform his/her job?






19. Which of the following facilitates computing for heavily utilized systems and networks?






20. Which of the following is BEST used to prevent ARP poisoning attacks across a network?






21. Which of the following concepts ensures that the data is only viewable to authorized users?






22. An administrator identifies a security issue on but does not attempt to exploit it. Which of the following describes what the administrator has done?






23. Upon investigation an administrator finds a suspicious system-level kernel module which modifies file system operations. This is an example of which of the following?






24. What asymmetric key is used to encrypt when using HTTPS?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


25. Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?






26. User in your department complain about a slow Internet connection. You monitor the external interface of your company's border router and notice a huge mount of half-open TCP connections. What type of attack is your company currently a victim of?






27. Which of the following is used when performing a quantitative risk analysis?






28. Which of the following may cause a user connected to a NAC-enabled network - to not be prompted for credentials?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


29. You discover that company confidential information is being encoded into graphics files and sent to a destination outside of the company. This is an example of what kind of cryptography?






30. Which of the following malware types is MOST commonly installed through the use of thumb drives to compromise systems and provide unauthorized access?






31. Which of the following describes a passive attempt to identify weaknesses?






32. What asymmetric key is used to decrypt when using HTTPS?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


33. Two systems are being designed. System A has a high availability requirement. System B has a high security requirement with less emphasis on system uptime. Which of the following configurations BEST fits the need for each system?






34. Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?






35. Which of the following would be the BEST action to perform when conducting a corporate vulnerability assessment?






36. A network administrator is implementing a network addressing scheme that uses a long string of both numbers and alphanumeric characters to create addressing options and avoid duplicates. Which of the following describes a protocol built for this purp






37. A set of instructions normally implemented on a computer system as a procedure to manipulate data is called a(n)?






38. Which of the following port numbers is used for SCP by default?






39. Which of the following is the MOST secure method of utilizing FTP?






40. Upper management decides which risk to mitigate based on cost. This is an example of:






41. Which of the following allows a security administrator to set device traps?






42. Users in your company use a smart card and fingerprint scan to authenticate to the network. Which of the following authentication methods is used in your company?






43. A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability?






44. A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which of the following?






45. Which of the following is used when performing a qualitative risk analysis?






46. Your daily bandwidth monitoring report of your Internet connection shows an excessive amount of outgoing traffic on port 25. You have seen peaks in the reports before but this report shows many peaks outside office times. What should you do?






47. On-going annual awareness security training should be coupled with:..






48. Based on logs from file servers remote access systems - and IDS - a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss - but the insider's lawyer insis






49. Which of the following are the default ports for HTTP and HTTPS protocols?






50. You are determining environmental control requirements for a data center that will contain several computers? What is the role of an HVAC system in this environment?