Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A security firm has been engaged to assess a software application. A production-like test environment login details - production documentation and source code have been provided. Which of the following types of testing is being described?






2. For which of the following is centralized key management most complicated?






3. Which of the following MUST a programmer implement to prevent cross-site scripting?






4. A security administrator performs several war driving routes each month and recently has noticed a certain area with a large number of unauthorized devices. Which of the following attack types is MOST likely occurring?






5. What principle requires that for a particular set of transactions - no one individual is solely responsible or allowed to execute the complete set?






6. A security administrator working for a health insurance company needs to protect customer data by installing an HVAC system and a mantrap in the data center. Which of the following are being addressed?






7. A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?






8. In order to ensure high availability of all critical backups of the main data center are done in the middle of the night and then the backup tapes are taken to an offsite location. Which of the following would ensure the minimal amount of downtime in






9. You are performing risk assessment for an organization. What should you do during impact assessment?






10. You installed a new e-commerce application on your web server that will allow your company to take orders from their website. You want to ensure that information that customers enter into their web browser is sent securely to the web server. Which of






11. Which of the following BEST describes the proper method and reason to implement port security?






12. Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?






13. Which of the following reduces the likelihood of a single point of failure when a server fails?






14. Which of the following is a best practice when securing a switch from physical access?






15. In an 802.11n network which of the following provides the MOST secure method of both encryption and authorization?






16. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control which of the following data types will be unavailable for later investigation?






17. A rogue access point with the same SSID as the production wireless network is found. Which of the following BEST describes this attack?






18. Which environmental control is part of TEMPEST compliance?






19. Users in your company use a smart card and fingerprint scan to authenticate to the network. Which of the following authentication methods is used in your company?






20. A new enterprise solution is currently being evaluated due to its potential to increase the company's profit margins. The security administrator has been asked to review its security implications. While evaluating the various vulnerability scans were






21. An attacker forces a Windows service that uses the Local System account as its service account to crash. The attacker is able to access administrator-level resources as a result. What kind of attack is this?






22. What principle dictates that a user is given no more privilege necessary than that required to preform his/her job?






23. Which of the following port numbers is used for SCP by default?






24. How a Trojan works: A user downloads a keygen to install pirated software. After running the keygen - system performance is ________________ are displayed.






25. Which of the following is the BEST choice for encryption on a wireless network?






26. Your company wants a new web server that can be accessed both by users on your internal network and by users on the Internet. You advice the company to locate the server behind the corporate firewall so it can enjoy similar protection as the internal






27. Which of the following is MOST likely to be the last rule contained on any firewall?






28. Which of the following is a detective security control?






29. Which of the following should NOT be used with username/password authentication?






30. Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?






31. You need to advise a new wiring system for a company with several locations partly open to the public. A primary requirement is to make tapping into the network as difficult as possible. Which of the following cable types should you advice?






32. An administrator identifies a security issue on but does not attempt to exploit it. Which of the following describes what the administrator has done?






33. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?






34. Which of the following will provide the HIGHEST level of wireless network security?






35. Which of the following is NOT an application layer security protocol?






36. Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?






37. A user receives an automated call which appears to be from their bank. The automated recording provides details about the bank's privacy policy security policy and requests that the user clearly state their name - birthday and enter the banking detai






38. NIDS can also be used to help identify...






39. Which of the following malware types is an antivirus scanner MOST unlikely to discover?






40. Which of the following is specific to a buffer overflow attack?






41. Which of the following malicious code will do its objectionable deed after a predetermined action takes place or at a specific time?






42. Which of the following describes the purpose of chain of custody as applied to forensic image retention?






43. Your daily bandwidth monitoring report of your Internet connection shows an excessive amount of outgoing traffic on port 25. You have seen peaks in the reports before but this report shows many peaks outside office times. What should you do?






44. An IT administrator wants to provide 250 staff with secure remote access to the corporate network. Which of the following BEST achieves this requirement?






45. A set of instructions normally implemented on a computer system as a procedure to manipulate data is called a(n)?






46. The 802.11i standard specifies support for which encryption algorithms?






47. Which of the following is the default rule found in a corporate firewall's access control list?






48. Upon investigation an administrator finds a suspicious system-level kernel module which modifies file system operations. This is an example of which of the following?






49. Performing routine security audits is a form of which of the following controls?






50. Which of the following environmental variables reduces the potential for static discharges?