Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 30 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?






2. Isolation mode on an AP provides which of the following functionality types?






3. Which of the following concepts ensures that the data is only viewable to authorized users?






4. Which of the following is used when performing a quantitative risk analysis?






5. Which of the following would be implemented to allow access to services while segmenting access to the internal network?






6. Which of the following describes the purpose of chain of custody as applied to forensic image retention?






7. An attacker forces a Windows service that uses the Local System account as its service account to crash. The attacker is able to access administrator-level resources as a result. What kind of attack is this?






8. Which of the following should be enabled to ensure only certain wireless clients can access the network?






9. A user receives an automated call which appears to be from their bank. The automated recording provides details about the bank's privacy policy security policy and requests that the user clearly state their name - birthday and enter the banking detai






10. Which of the following port numbers is used for SCP by default?






11. Which of the following should be performed on a computer to protect the operating system from malicious software?






12. Applying detailed instructions to manage the including allowing or denying traffic based on port - protocol - address - or direction is an implementation of which of the following?






13. A network consists of various remote sites that connect back to two main locations. The security administrator needs to block TELNET access into the network. Which of the following by default - would be the BEST choice to accomplish this goal?






14. Several staff members working in a datacenter have reported instances of tailgating. Which of the following could be implemented to prevent this security concern?






15. On-going annual awareness security training should be coupled with:..






16. You want to improve security for remote administration to several Linux web servers on the Internet. The data as well as the authentication process needs to be encrypted. Which of the following should you do?






17. An application log shows that the text 'test; rm -rf /etc/passwd' was entered into an HTML form. Which of the following describes the type of attack that was attempted?






18. Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?






19. Which of the following is the MOST secure method of utilizing FTP?






20. How a Trojan works: A user downloads a keygen to install pirated software. After running the keygen - system performance is ________________ are displayed.






21. Which of the following protocols should be blocked at the network perimeter to prevent host enumeration by sweep devices?






22. Which of the following uses TCP port 22 by default?






23. You want to setup a secure method of sending and receiving email. Which two of the following protocols can be used for this purpose?






24. A network administrator is implementing a network addressing scheme that uses a long string of both numbers and alphanumeric characters to create addressing options and avoid duplicates. Which of the following describes a protocol built for this purp






25. Which of the following functions is MOST likely performed by a web security gateway?






26. With which of the following is RAID MOST concerned?






27. Which of the following is a security control that is lost when using cloud computing?






28. Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?






29. Which of the following should be installed to prevent employees from receiving unsolicited emails?






30. A visitor plugs their laptop into the network and receives a warning about their antivirus being out of-date along with various patches that are missing. The visitor is unable to access the Internet or any network resources. Which of the following is






31. A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which of the following?






32. Based on logs from file servers remote access systems - and IDS - a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss - but the insider's lawyer insis






33. Which of the following security threats does shredding mitigate?






34. An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?






35. What are typical elements of authentication as part of physical access controls?






36. Which of the following is MOST relevant to a buffer overflow attack?






37. Which of the following is the MAIN reason to require data labeling?






38. A user reports that their 802.11n capable interface connects and disconnects frequently to an access point that was recently installed. The user has a Bluetooth enabled laptop. A company in the next building had their wireless network breached last m






39. Which of the following is true regarding the WTLS protocol?






40. You are designing a secure application environment. You need to ensure that data is kept as secure as possible. You need to select the strictest access control model. What access control model should you use?






41. What is the name of the process during which an attacker gathers information about a target company's intranet - remote access - extranet - and Internet connections?






42. Which of the following is MOST likely to be the last rule contained on any firewall?






43. By default which of the following stops network traffic when the traffic is not identified in the firewall ruleset?






44. A security administrator working for a health insurance company needs to protect customer data by installing an HVAC system and a mantrap in the data center. Which of the following are being addressed?






45. You discover that company confidential information is being encoded into graphics files and sent to a destination outside of the company. This is an example of what kind of cryptography?






46. Your company wants a new web server that can be accessed both by users on your internal network and by users on the Internet. You advice the company to locate the server behind the corporate firewall so it can enjoy similar protection as the internal






47. During the analysis of malicious code a security analyst discovers JavaScript being used to send random data to another service on the same system. This is MOST likely an example of which of the following?






48. Which of the following is not an asymmetric system?






49. Which of the following allows a security administrator to set device traps?






50. In order to provide flexible working conditions a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access?