Test your basic knowledge

CompTIA Security+ Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Which of the following is the MOST likely cause of a single computer communicating with an unknown IRC server and scanning other systems on the network?






2. A security administrator needs to separate two departments. Which of the following would the administrator implement to perform this?






3. Which of the following may cause a user connected to a NAC-enabled network to not be prompted for credentials?



4. What allows for all activities on a network or system to be traced to the user who performed them?






5. Which of the following is the primary difference between a virus and a worm?






6. Which of the following protocols requires the use of a CA based authentication process?






7. Which of the following would provide the MOST reliable proof that a data center was accessed at a certain time of day?






8. You are the network admin for a large LAN with a single, firewall-protected Internet connection. You want to analyze all network traffic in your local network for suspicious activities and receive a notification when a possible attack is in proces






9. Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?






10. What asymmetric key is used to encrypt when using HTTPS?



11. Your organization recently purchased several new laptop computers for employees. You're asked to encrypt the laptop's hard drives without purchasing any additional hardware. What would you use?






12. A rogue access point with the same SSID as the production wireless network is found. Which of the following BEST describes this attack?






13. What is the term used to describe the type of FTP access in which the user does not have permissions to list the content of directories but can access the contents if he knows the path and file name?






14. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?






15. Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?






16. Which of the following should be enabled to ensure only certain wireless clients can access the network?






17. Which of the following describes when forensic hashing should occur on a drive?






18. How a Trojan works: A user downloads a keygen to install pirated software. After running the keygen, system performance is ________________ are displayed.






19. Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?






20. An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?






21. You have several computers that use the NTLM authentication protocol for client authentication. Network policy requires user passwords with at least 16 characters. What hash algorithm is used for password authentication?






22. What asymmetric key is used to decrypt when using HTTPS?



23. With which of the following is RAID MOST concerned?






24. The security administrator notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likel






25. Actively monitoring data streams in search of malicious code or behavior is an example of...






26. An existing application has never been assessed from a security perspective. Which of the following is the BEST assessment technique in order to identify the application's security posture?






27. Which of the following security threats does shredding mitigate?






28. Which of the following uses TCP port 22 by default?






29. Which of the following is true regarding the WTLS protocol?






30. Which of the following should a security administrator implement to prevent users from disrupting network connectivity if a user connects both ends of a network cable to different switch ports?






31. Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?






32. Which of the following protocols is often used in combination with L2TP to add an additional layer of security?






33. Recovery Point Objectives and Recovery Time Objectives directly relate to which of the following BCP concepts?






34. Which of the following malware types is MOST commonly installed through the use of thumb drives to compromise systems and provide unauthorized access?






35. Which of the following is another name for a malicious attacker?






36. A programmer allocates 16 bytes for a string but does not adequately ensure that more than 16 bytes cannot be copied into the variable. This program may be vulnerable to which of the following attacks?






37. Which of the following is the BEST choice for encryption on a wireless network?






38. Your daily bandwidth monitoring report of your Internet connection shows an excessive amount of outgoing traffic on port 25. You have seen peaks in the reports before but this report shows many peaks outside office times. What should you do?






39. What principle dictates that a user is given no more privilege than is required to perform his/her job?






40. Which of the following BEST describes an intrusion prevention system?






41. Which of the following would be the BEST action to perform when conducting a corporate vulnerability assessment?






42. Which of the following is NOT an application layer security protocol?






43. A helpdesk engineer just received a phone call from an administrator at a remote branch office. The administrator claimed to have forgotten the password for the root account of the UNIX servers. Although the helpdesk engineer didn't know of any admin






44. Separation of duties is valuable in deterring?






45. Which of the following describes a passive attempt to identify weaknesses?






46. During the analysis of malicious code a security analyst discovers JavaScript being used to send random data to another service on the same system. This is MOST likely an example of which of the following?






47. A security firm has been engaged to assess a software application. A production-like test environment, login details, production documentation and source code have been provided. Which of the following types of testing is being described?






48. Upon investigation an administrator finds a suspicious system-level kernel module which modifies file system operations. This is an example of which of the following?






49. An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?






50. A set of instructions normally implemented on a computer system as a procedure to manipulate data is called a(n)?