Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which of the following will provide the HIGHEST level of wireless network security?






2. Which of the following is used for exchanging secret keys over an insecure public network?






3. Which of the following cloud computing concepts is BEST described as providing an easy-to configure OS and on-demand computing for customers?






4. Which of the following is the default rule found in a corporate firewall's access control list?






5. What principle requires that for a particular set of transactions - no one individual is solely responsible or allowed to execute the complete set?






6. In order to ensure high availability of all critical backups of the main data center are done in the middle of the night and then the backup tapes are taken to an offsite location. Which of the following would ensure the minimal amount of downtime in






7. Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?






8. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control which of the following data types will be unavailable for later investigation?






9. Which of the following encryption algorithms can be used in PGP for data encryption?






10. What asymmetric key is used to decrypt when using HTTPS?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


11. A security administrator wants to know which systems are more susceptible to an attack compared to other systems on the network. Which of the following assessment tools would be MOST effective?






12. Which of the following should be enabled to ensure only certain wireless clients can access the network?






13. You discover that company confidential information is being encoded into graphics files and sent to a destination outside of the company. This is an example of what kind of cryptography?






14. Which of the following risks may result from improper use of social networking and P2P software?






15. Which of the following threats corresponds with an attacker targeting specific employees of a company?






16. Which of the following is used when performing a quantitative risk analysis?






17. Which of the following can prevent an unauthorized employee from entering a data center?






18. Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?






19. What key is used to encrypt an HTTPS session?






20. Which of the following is NOT an application layer security protocol?






21. Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer?






22. User in your department complain about a slow Internet connection. You monitor the external interface of your company's border router and notice a huge mount of half-open TCP connections. What type of attack is your company currently a victim of?






23. A user receives an automated call which appears to be from their bank. The automated recording provides details about the bank's privacy policy security policy and requests that the user clearly state their name - birthday and enter the banking detai






24. Which protocol ensures private communications by ensuring that no third party can eavesdrop or tamper with any message or data transfer between client and server systems and is the successor to the secure Socket Layer (SSL)?






25. Which of the following is the MOST likely cause of a single computer communicating with an unknown IRC server and scanning other systems on the network?






26. A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?






27. Which of the following attacks is BEST described as the interruption of network traffic accompanied by the insertion of malicious code?






28. Which of the following is true concerning email message encryption by using S/MIME?






29. Which of the following concepts ensures that the data is only viewable to authorized users?






30. A security administrator is in charge of a a hot site and a cold site. Due to a recent disaster - the administrator needs to ensure that their cold site is ready to go in case of a disaster. Which of the following does the administrator need to ensur






31. A technician needs to limit the wireless signal from reaching outside of a building. Which of the following actions should the technician take?






32. Which of the following is an unauthorized wireless router that allows access to a secure network?






33. Which of the following assists in identifying if a system was properly handled during transport?






34. Which of the following describes when forensic hashing should occur on a drive?






35. What is the name of the process during which an attacker gathers information about a target company's intranet - remote access - extranet - and Internet connections?






36. Which of the following protocols requires the use of a CA based authentication process?






37. A security administrator needs to separate two departments. Which of the following would the administrator implement to perform this?






38. Which of the following is true regarding the WTLS protocol?






39. A helpdesk engineer just received a phone call from an administrator at a remote branch office. The administrator claimed to have forgotten the password for the root account of the UNIX servers. Although the helpdesk engineer didn't know of any admin






40. Which of the following would be implemented to allow access to services while segmenting access to the internal network?






41. Your organization has an existing server and you want to add a hardware device to provide encryption capabilities. What is the easiest way to accomplish this?






42. Which of the following devices would allow a technician to view IP headers on a data packet?






43. Which of the following BEST describes the proper method and reason to implement port security?






44. Your daily bandwidth monitoring report of your Internet connection shows an excessive amount of outgoing traffic on port 25. You have seen peaks in the reports before but this report shows many peaks outside office times. What should you do?






45. Performing routine security audits is a form of which of the following controls?






46. A programmer allocates 16 bytes for a string but does not adequately ensure that more than 16 bytes cannot be copied into the variable. This program may be vulnerable to which of the following attacks?






47. The security administrator notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likel






48. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?






49. Isolation mode on an AP provides which of the following functionality types?






50. Which of the following malware types is MOST commonly installed through the use of thumb drives to compromise systems and provide unauthorized access?