SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Cyber Ops
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which of the following can Jayne - an administrator - use to ensure the confidentiality of a file when it is being sent over FTP?
Separation of duties
PGP
GSM phone card and PIN
Account lockout
2. Which of the following reduces the likelihood of a single point of failure when a server fails?
Full disk
Ask the programmer to replicate the problem in a test environment.
Clustering
Remote data wipe
3. When integrating source material from an open source project into a highly secure environment - which of the following precautions should prevent hidden threats?
RADIUS
Code review
Compare hashes of the original source and system image.
Log reviews
4. Which of the following can Mal - an administrator - use to verify that a downloaded file was not corrupted during the transfer?
Mean time to restore
Fuzzing
MD5 checksum
GSM phone card and PIN
5. Which of the following is BEST described by a scenario where organizational management chooses to implement an internal Incident Response Structure for the business?
Improper input validation
Mitigation
Verify the user's identity
Logic bomb
6. Which of the following protocols provides Mal - an administrator - with the HIGHEST level of security for device traps?
Error handling
SNMPv3
Validate the identity of an email sender;Encrypt messages;Decrypt messages
PII handling
7. River Tam - a security administrator - has generated a key pair for the company web server. Which of the following should she do next to ensure all web traffic to the company web server is encrypted?
Impact; Likelihood
Mandatory Access Controls
Integrity
Install both the private and the public key on the web server.
8. A packet filtering firewall can protect from which of the following?
Temperature and humidity controls
Public key
SSH
Port scan
9. The fundamental information security principals include confidentiality - availability and which of the following?
The capacity of a system to resist unauthorized changes to stored information
Fuzzing
Account expiration
Code review
10. Which of the following is BEST associated with PKI?
Full disk
Ticket granting server
Server-side input validation results in a more secure system than client-side input validation.
Private key
11. While traveling Jayne - an employee - decides he would like to download some new movies onto his corporate laptop. While installing software designed to download movies from multiple computers across the Internet. Jayne agrees to share portions of hi
P2P
SSH
Information classification policy; Network access policy; Auditing and monitoring policy
IV attack
12. Which of the following is where an unauthorized device is found allowing access to a network?
Rogue access point
Single sign-on
Impersonation
TACACS+; SSH
13. Starbuck - an administrator - is primarily concerned with blocking external attackers from gaining information on remote employees by scanning their laptops. Which of the following security applications is BEST suited for this task?
Penetration testing
Compare hashes of the original source and system image.
Personal firewall
Vulnerability scan
14. The IT Security Department has completed an internal risk assessment and discovered the use of an outdated antivirus definition file. Which of the following is the NEXT step that management should take?
Mitigate risk and develop a maintenance plan.
GSM phone card and PIN
NTLM
RAID 5 and a storage area network
15. Which of the following is used to verify the identity of the sender of a signed email?
SSH
dcfldd
Public key
NAC
16. Starbuck - a security technician - wants to implement secure wireless with authentication. Which of the following allows for wireless to be authenticated via MSCHAPv2?
The system shall require users to authenticate to the system with a combination of a password or PIN and a smartcard
PEAP
Subnetting
Private key
17. River Tam - a security analyst - suspects that a rogue web server is running on the network. Which of the following would MOST likely be used to identify the server's IP address?
Port scanner
CA
Single point of failure
Antenna placement; Power levels
18. Which of the following network devices will prevent port scans?
Firewall
Zero day exploit
Mean time to restore
Penetration testing
19. Starbuck - a security administrator - has completed the imaging process for 20 computers that were deployed. The image contains the operating system and all required software. Which of the following is this an example of?
Worm outbreak
Deploying and using a trusted OS
WPA2-Enterprise
Zero day exploit
20. Which of the following should Mal - an administrator - use to verify the integrity of a downloaded file?
Accounting should be given read/write access to network share A and read access to network share B. River Tam should be given read access for the specific document on network share A.
Key escrow
Ticket granting server
MD5
21. Which of the following administrative controls BEST mitigates the risk of ongoing inappropriate employee activities in sensitive areas?
Loop protection
Public key
SSH
Mandatory vacations
22. Which of the following is the MOST secure protocol for Mal - an administrator - to use for managing network devices?
Remotely initiate a device wipe
SSH
Rogue access point
Remote data wipe
23. Which of the following is based on X.500 standards?
Log reviews
LDAP
To limit the number of endpoints connected through the same switch port
Non-repudiation
24. Mal - a security administrator - would like to implement laptop encryption to protect data. The Chief Executive Officer (CEO) believes this will be too costly to implement and decides the company will purchase an insurance policy instead. Which of th
Cable locks
Port scanner
Risk avoidance
Trust model
25. Which of the following would Mal - a security administrator - change to limit how far a wireless signal will travel?
Separation of duties
PII handling
The system shall require users to authenticate to the system with a combination of a password or PIN and a smartcard
Power levels
26. Starbuck - a security administrator - has applied security labels to files and folders to manage and restrict access. Which of the following is Starbuck using?
Deploy an anti-spam device to protect the network.
Personal firewall
Mandatory access control
P2P
27. Which of the following will help Jayne - an administrator; mitigate the risk of static electricity?
Humidity controls
Notify security to identify employee's whereabouts.
Update the CRL; Deploy OCSP
Rootkit
28. Which of the following should Starbuck - the security administrator - do FIRST when an employee reports the loss of a corporate mobile device?
Sanitization using appropriate software
Loop protection
Logic bomb
Remotely initiate a device wipe
29. Account lockout is a mitigation strategy used by Starbuck - the administrator - to combat which of the following attacks?
Improper input validation
Non-repudiation
Social engineering
Dictionary; Brute force
30. Which of the following security chips does BitLocker utilize?
MD5
Evil twin
Rootkit
TPM
31. A company notices that there is a flaw in one of their proprietary programs that the company runs in-house. The flaw could cause damage to the HVAC system. Which of the following would the company transfer to an insurance company?
Risk
Clustering
Verify the user's identity
Fuzzing
32. Jayne's CRL is over six months old. Which of the following could Jayne do in order to ensure he has the current information?
Update the CRL; Deploy OCSP
Fuzzing
E-discovery
TACACS+; SSH
33. Mal is reporting an excessive amount of junk mail on the network email server. Which of the following would ONLY reduce the amount of unauthorized mail?
Worm outbreak
Mandatory vacations
The security company is provided with no information about the corporate network or physical locations.
Spam fitters
34. A company has sent all of its private keys to a third party. The third party company has created a secure list of these keys. Which of the following has just been implemented?
Key escrow
War chalking
Anti-spam
File encryption
35. Jayne - the security administrator - notices a spike in the number of SQL injection attacks against a web server connected to a backend SQL database. Which of the following practices should be used to prevent an application from passing these attacks
Spam fitters
SSH
LDAP
Input validation
36. A valid server-role in a Kerberos authentication system
Penetration testing
Account lockout
Ticket granting server
Zero day exploit
37. The Chief Information Officer (CIO) wants to protect laptop users from zero day attacks. Which of the following would BEST achieve the CIO's goal?
GSM phone card and PIN
dcfldd
To limit the number of endpoints connected through the same switch port
Host based firewall
38. Which of the following security tools can Starbuck - a security administrator - use to deter theft?
Log reviews
Cable locks
Two fish
Account lockout
39. Which of the following should River Tam - a security technician - perform as the FIRST step when creating a disaster recovery plan for a mission critical accounting system?
Ticket granting server
Separation of duties
Business impact assessment
MD5
40. To mitigate the adverse effects of network modifications - which of the following should Jayne - the security administrator - implement?
Account expiration
Change management
Validate the identity of an email sender;Encrypt messages;Decrypt messages
DES;3 DES
41. Which of the following ports would be blocked if Mal - a security administrator - wants to deny access to websites?
80
Shoulder surfing
Port scan
Separation of duties
42. Which of the following technologies would allow the removal of a single point of failure?
Proxies
PII handling
PGP
Dual-homing a server
43. In the event of a mobile device being lost or stolen - which of the following BEST protects against sensitive information leakage?
Mandatory access control
Zero day attack
Remote wipe
File encryption
44. Starbuck's - a user - word processing software is exhibiting strange behavior - opening and closing itself at random intervals. There is no other strange behavior on the system. Which of the following would mitigate this problem in the future?
Change management
Install application updates
Full disk encryption
LDAP
45. Which of the following is used by Jayne - a security administrator - to lower the risks associated with electrostatic discharge - corrosion - and thermal breakdown?
Temperature and humidity controls
Blue jacking
Public key
Humidity controls
46. While traveling - users need access to an internal company web server that contains proprietary information. Mal - the security administrator - should implement a...
RAS
Information classification policy; Network access policy; Auditing and monitoring policy
Business impact assessment
Personally owned devices
47. Which of the following should be implemented to secure Pete's - a network administrator - day-today maintenance activities?
TACACS+; SSH
Mitigation
Blowfish
Proxy server
48. Mal - a security engineer - is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally - the MAC addresses of all five servers appear on th
The system is virtualized
Subnetting
Cable locks
Business impact assessment
49. An application company sent out a software patch for one of their applications on Monday. The company has been receiving reports about intrusion attacks from their customers on Tuesday. Which of the following attacks does this describe?
To limit the number of endpoints connected through the same switch port
Install application updates
Clustering
Zero day
50. Starbuck - an IT security technician working at a bank - has implemented encryption between two locations. Which of the following security concepts BEST exemplifies the protection provided by this example?
Protocol analyzers
Impact; Likelihood
Fail state of the system
Confidentiality