Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which of the following is an unauthorized wireless router that allows access to a secure network?






2. Users of specific systems are reporting that their data has been corrupted. After a recent patch update to those systems the users are still reporting issues of data being corrupt. Which of the following assessment techniques need to be performed to






3. Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?






4. Which of the following tools provides the ability to determine if an application is transmitting a password in clear-text?






5. Which of the following is true regarding the WTLS protocol?






6. Which of the following risks may result from improper use of social networking and P2P software?






7. A network administrator is implementing a network addressing scheme that uses a long string of both numbers and alphanumeric characters to create addressing options and avoid duplicates. Which of the following describes a protocol built for this purp






8. A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?






9. Which of the following may cause a user connected to a NAC-enabled network - to not be prompted for credentials?


10. Which of the following logical controls does a flood guard protect against?






11. Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?






12. An attacker forces a Windows service that uses the Local System account as its service account to crash. The attacker is able to access administrator-level resources as a result. What kind of attack is this?






13. By default which of the following stops network traffic when the traffic is not identified in the firewall ruleset?






14. An existing application has never been assessed from a security perspective. Which of the following is the BEST assessment technique in order to identify the application's security posture?






15. Which of the following port numbers is used for SCP by default?






16. You detected an intrusion and are taking the necessary steps to preserve the evidence. You want to make sure the evidence will be admissible in a court of law. What should you do?






17. Which of the following devices would allow a technician to view IP headers on a data packet?






18. While browsing the Internet an administrator notices their browser behaves erratically - appears to download something - and then crashes. Upon restarting the PC - the administrator notices performance is extremely slow and there are hundreds of outb






19. When examining HTTP server logs the security administrator notices that the company's online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?






20. You want to setup a secure method of sending and receiving email. Which two of the following protocols can be used for this purpose?






21. A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check?






22. What asymmetric key is used to encrypt when using HTTPS?


23. Which of the following would allow traffic to be redirected through a malicious machine by sending false hardware address updates to a switch?






24. Several staff members working in a datacenter have reported instances of tailgating. Which of the following could be implemented to prevent this security concern?






25. Which of the following is not an asymmetric system?






26. Two systems are being designed. System A has a high availability requirement. System B has a high security requirement with less emphasis on system uptime. Which of the following configurations BEST fits the need for each system?






27. Which of the following is the default rule found in a corporate firewall's access control list?






28. An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?






29. Which of the following is a best practice to identify fraud from an employee in a sensitive position?






30. You are performing risk assessment for an organization. What should you do during impact assessment?






31. Due to sensitive data concerns a security administrator has enacted a policy preventing the use of flash drives. Additionally - which of the following can the administrator implement to reduce the risk of data leakage?






32. Which of the following manages peer authentication and key exchange for an IPSec connection?






33. Which of the following can prevent an unauthorized employee from entering a data center?






34. In which of the following locations would a forensic analyst look to find a hooked process?






35. A security administrator performs several war driving routes each month and recently has noticed a certain area with a large number of unauthorized devices. Which of the following attack types is MOST likely occurring?






36. How a Trojan works: A user downloads a keygen to install pirated software. After running the keygen - system performance is ________________ are displayed.






37. A company that purchases insurance to reduce risk is an example of which of the following?






38. Which of the following will provide the HIGHEST level of wireless network security?






39. Which of the following is a management control type?






40. A visitor plugs their laptop into the network and receives a warning about their antivirus being out of-date along with various patches that are missing. The visitor is unable to access the Internet or any network resources. Which of the following is






41. Which of the following should be considered when trying to prevent somebody from capturing network traffic?






42. A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?






43. Which of the following security threats does shredding mitigate?






44. Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?






45. Which of the following environmental controls would BEST be used to regulate cooling within a datacenter?






46. Which of the following includes a photo and can be used for identification?






47. A security firm has been engaged to assess a software application. A production-like test environment login details - production documentation and source code have been provided. Which of the following types of testing is being described?






48. Which of the following facilitates computing for heavily utilized systems and networks?






49. Which of the following is a best practice when securing a switch from physical access?






50. Your company wants a new web server that can be accessed both by users on your internal network and by users on the Internet. You advice the company to locate the server behind the corporate firewall so it can enjoy similar protection as the internal