Test your basic knowledge

CompTIA Security+: Cyber Ops

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A data loss prevention strategy would MOST likely incorporate which of the following to reduce the risk associated with data loss?






2. Which of the following can River Tam - a security administrator - implement to ensure that encrypted files and devices can be recovered if the passphrase is lost?






3. River Tam - a security administrator - suspects that a web server may be under attack. The web logs have several entries containing variations of the following entries: 'or 1=1-- or1'=1-- 'or1=1'






4. When integrating source material from an open source project into a highly secure environment - which of the following precautions should prevent hidden threats?






5. River Tam - a security analyst - discovers which operating systems the client devices on the network are running by only monitoring a mirror port on the router. Which of the following techniques did River Tam use?






6. An application programmer reports to River Tam - the security administrator - that the antivirus software installed on a server is interfering with one of the production HR applications - and requests that antivirus be temporarily turned off. How sho






7. Starbuck - a security administrator - has applied security labels to files and folders to manage and restrict access. Which of the following is Starbuck using?






8. Which of the following malware types is MOST commonly associated with command and control?






9. Jayne - a systems security engineer - is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate - has a server side certificate - and uses TLS






10. Which of the following is BEST utilized to actively test security controls on a particular system?






11. The fundamental information security principles include confidentiality - availability and which of the following?






12. Marketing creates a new folder and requests the following access be assigned: Sales Department - Read; Marketing Department - Full Control; Inside Sales - Read Write. This is an example of which of the following?






13. When Mal - an employee - leaves a company - which of the following should be updated to ensure Pete's security access is reduced or eliminated?






14. Which of the following BEST allows Mal - a security administrator - to determine the type - source - and flags of the packet traversing a network for troubleshooting purposes?






15. Which of the following encrypts the body of a packet - rather than just the password - while sending information?






16. Which of the following security controls enforces user permissions based on a job role?






17. Which of the following reduces the likelihood of a single point of failure when a server fails?






18. Jayne - a security administrator - has noticed that the website and external systems have been subject to many attack attempts. To verify integrity of the website and critical files - Jayne should






19. Which of the following control types is video monitoring?






20. Which of the following allows a server to request a website on behalf of Starbuck - a user?






21. When moving from an internally controlled environment to a fully outsourced infrastructure environment - such as cloud computing - it is MOST important to...






22. A company needs to remove sensitive data from hard drives in leased computers before the computers are returned to the supplier. Which of the following is the BEST solution?






23. Which of the following activities should be completed in order to detect anomalies on a network?






24. Which of the following types of data encryption would Starbuck - a security administrator - use if MBR and the file systems needed to be included?






25. Which of the following implements two factor authentication based on something you know and something you have?






26. River Tam - a security guard - reports that the side of the company building has been marked with spray paint. Which of the following could this be an example of?






27. The corporate NIPS requires a daily download from its vendor with updated definitions in order to block the latest attacks. Which of the following describes how the NIPS is functioning?






28. Which of the following accurately describes the STRONGEST multifactor authentication?






29. A computer is put into a restricted VLAN until the computer's virus definitions are up-to-date. Which of the following BEST describes this system type?






30. When used alone - which of the following controls mitigates the risk of River Tam - an attacker - launching an online brute force password attack?






31. Employees are reporting that they are receiving unusual calls from the help desk for the purpose of verifying their user credentials. Which of the following attack types is occurring?






32. In a wireless network - which of the following components could cause too much coverage - too little coverage - and interference?






33. Which of the following can Mal - an administrator - use to verify that a downloaded file was not corrupted during the transfer?






34. River Tam and Starbuck - users - are reporting an increase in the amount of unwanted email that they are receiving each day. Which of the following would be the BEST way to respond to this issue without creating a lot of administrative overhead?






35. Which of the following is the MOST important security requirement for mobile devices storing PII?






36. Jayne - the security administrator - notices a spike in the number of SQL injection attacks against a web server connected to a backend SQL database. Which of the following practices should be used to prevent an application from passing these attacks






37. Mal - a network administrator - implements the spanning tree protocol on network switches. Which of the following issues does this address?






38. The Chief Information Security Officer (CISO) tells the network administrator that a security company has been hired to perform a penetration test against their network. The security company asks the CISO which type of testing would be most beneficia






39. Which of the following should River Tam - a security technician - perform as the FIRST step when creating a disaster recovery plan for a mission critical accounting system?






40. Which of the following risks could IT management be mitigating by removing an all-in-one device?






41. While conducting a network audit - River Tam - a security administrator - discovers that most clients are routing their network traffic through a desktop client instead of the company router. Which of the following is this attack type?






42. Which of the following policies is implemented in order to minimize data loss or theft?






43. Which of the following ports would be blocked if Mal - a security administrator - wants to deny access to websites?






44. Which of the following should be implemented to secure Pete's - a network administrator - day-to-day maintenance activities?






45. An SQL injection vulnerability can be caused by which of the following?






46. River Tam - a security administrator - has configured a trusted OS implementation on her servers. Which of the following controls are enacted by the trusted OS implementation?






47. Which of the following is a feature of Kerberos?






48. Which of the following is used to verify the identity of the sender of a signed email?






49. Starbuck's - a user - word processing software is exhibiting strange behavior - opening and closing itself at random intervals. There is no other strange behavior on the system. Which of the following would mitigate this problem in the future?






50. Which of the following administrative controls BEST mitigates the risk of ongoing inappropriate employee activities in sensitive areas?