Test your basic knowledge |

Comptia Security +: Cyber Ops

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Mal - a security administrator - would like to implement laptop encryption to protect data. The Chief Executive Officer (CEO) believes this will be too costly to implement and decides the company will purchase an insurance policy instead. Which of th






2. The public key is used to perform which of the following?






3. Which of the following should be done before resetting a user's password due to expiration?


4. Which of the following malware types is MOST commonly associated with command and control?






5. Which of the following can Mal - an administrator - use to verify that a downloaded file was not corrupted during the transfer?






6. Which of the following should Starbuck - the security administrator - do FIRST when an employee reports the loss of a corporate mobile device?






7. Which of the following can Jayne - an administrator - use to ensure the confidentiality of a file when it is being sent over FTP?






8. An application programmer reports to River Tam - the security administrator - that the antivirus software installed on a server is interfering with one of the production HR applications - and requests that antivirus be temporarily turned off. How sho






9. Which of the following implements two factor authentication based on something you know and something you have?






10. Which of the following allows a server to request a website on behalf of Starbuck - a user?






11. A valid server-role in a Kerberos authentication system






12. Which of the following commands can Jayne - an administrator - use to create a forensically sound hard drive image?






13. Jayne - a systems security engineer - is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate - has a server side certificate - and uses TLS






14. River Tam - an attacker - is recording a person typing in their ID number into a keypad to gain access to the building. River Tam then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the follow






15. While conducting a network audit - River Tam - a security administrator - discovers that most clients are routing their network traffic through a desktop client instead of the company router. Which of the following is this attack type?






16. Which of the following techniques floods an application with data in an attempt to find vulnerabilities?






17. River Tam - a security guard - reports that the side of the company building has been marked with spray paint. Which of the following could this be an example of?






18. Which of the following mitigates the risk of proprietary information being compromised?






19. An SQL injection vulnerability can be caused by which of the following?






20. Which of the following functions of a firewall allows Mal - an administrator - to map an external service to an internal host?






21. Which of the following accurately describes the STRONGEST multifactor authentication?






22. Which of the following reduces the likelihood of a single point of failure when a server fails?






23. An administrator responsible for building and validating security configurations is a violation of which of the following security principles?






24. Which of the following protocols provides Mal - an administrator - with the HIGHEST level of security for device traps?






25. Jayne - a server administrator - sets up database forms based on security rating levels. If a user has the lowest security rating then the database automatically determines what access that user has. Which of the following access control methods does






26. Which of the following activities should be completed in order to detect anomalies on a network?






27. Which of the following will help Jayne - an administrator; mitigate the risk of static electricity?






28. Which of the following is the MAIN benefit of server-side versus client-side input validation?






29. Several users' computers are no longer responding normally and sending out spam email to the users' entire contact list. This is an example of which of the following?






30. A company notices that there is a flaw in one of their proprietary programs that the company runs in-house. The flaw could cause damage to the HVAC system. Which of the following would the company transfer to an insurance company?






31. Which of the following malware types is BEST described as protecting itself by hooking system processes and hiding its presence?






32. Which of the following would MOST likely be implemented in order to prevent employees from accessing certain websites?






33. After setting up a root CA. which of the following can Mal - a security administrator - implement to allow intermediate CAs to handout keys and certificates?






34. Which of the following is BEST utilized to actively test security controls on a particular system?






35. Which of the following is an example of authentication using something Starbuck - a user - has and something she knows?






36. The human resources department of a company has requested full access to all network resources - including those of the financial department. Starbuck - the administrator - denies this - citing...






37. Which of the following controls mitigates the risk of Jayne - an attacker - gaining access to a company network by using a former employee's credential?






38. Mal - a security administrator - wants to secure remote telnet services and decides to use the services over SSH. Which of the following ports should Mal allow on the firewall by default?






39. Jayne - a security administrator - wants to allow content owners to determine who has access to tiles. Which of the following access control types does this describe?






40. Which of the following are restricted to 64-bit block sizes?






41. A company wants to have a backup site that is a good balance between cost and recovery time objectives. Which of the following is the BEST solution?






42. Which of the following data loss prevention strategies mitigates the risk of replacing hard drives that cannot be sanitized?






43. River Tam - the security engineer - has discovered that a breach is in progress on a non-production system of moderate importance. Which of the following should River Tam collect FIRST?






44. A company needs to remove sensitive data from hard drives in leased computers before the computers are returned to the supplier. Which of the following is the BEST solution?






45. River Tam - the software security engineer - is trying to detect issues that could lead to buffer overflows or memory leaks in the company software. Which of the following would help River Tam automate this detection?






46. Which of the following network solutions would BEST allow Starbuck - a security technician - to host an extranet application for her company?






47. Starbuck - a security administrator - wants to prevent users in sales from accessing their servers after 6:00 p.m. - and prevent them from accessing accounting's network at all times. Which of the following should Starbuck implement to accomplish the






48. Which of the following would help Mal - an administrator - prevent access to a rogue access point connected to a switch?






49. Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?






50. Which of the following security concepts establishes procedures where creation and approval are performed through distinct functions?