Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Users in your company use a smart card and fingerprint scan to authenticate to the network. Which of the following authentication methods is used in your company?






2. Webmail is classified under which of the following cloud-based technologies?






3. Which protocol ensures private communications by ensuring that no third party can eavesdrop or tamper with any message or data transfer between client and server systems and is the successor to the secure Socket Layer (SSL)?






4. Which of the following BEST describes the proper method and reason to implement port security?






5. Which of the following is BEST used to prevent ARP poisoning attacks across a network?






6. Which of the following concepts ensures that the data is only viewable to authorized users?






7. Which of the following identifies some of the running services on a system?






8. A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?






9. Recovery Point Objectives and Recovery Time Objectives directly relate to which of the following BCP concepts?






10. Which of the following malware types is an antivirus scanner MOST unlikely to discover?






11. You are performing risk assessment for an organization. What should you do during impact assessment?






12. Which of the following should be installed to prevent employees from receiving unsolicited emails?






13. A helpdesk engineer just received a phone call from an administrator at a remote branch office. The administrator claimed to have forgotten the password for the root account of the UNIX servers. Although the helpdesk engineer didn't know of any admin






14. A security administrator needs to implement a site-to-site VPN tunnel between the main office and a remote branch. Which of the following protocols should be used for the tunnel?






15. A programmer allocates 16 bytes for a string but does not adequately ensure that more than 16 bytes cannot be copied into the variable. This program may be vulnerable to which of the following attacks?






16. Which of the following protocols requires the use of a CA based authentication process?






17. Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?






18. A set of instructions normally implemented on a computer system as a procedure to manipulate data is called a(n)?






19. A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability?






20. Which of the following is NOT an application layer security protocol?






21. An attacker forces a Windows service that uses the Local System account as its service account to crash. The attacker is able to access administrator-level resources as a result. What kind of attack is this?






22. Which of the following should be enabled to ensure only certain wireless clients can access the network?






23. Which environmental control is part of TEMPEST compliance?






24. What principle dictates that a user is given no more privilege necessary than that required to preform his/her job?






25. Which of the following threats corresponds with an attacker targeting specific employees of a company?






26. Which of the following reduces the likelihood of a single point of failure when a server fails?






27. While browsing the Internet an administrator notices their browser behaves erratically - appears to download something - and then crashes. Upon restarting the PC - the administrator notices performance is extremely slow and there are hundreds of outb






28. Which of the following would provide the MOST reliable proof that a data center was accessed at a certain time of day?






29. In an 802.11n network which of the following provides the MOST secure method of both encryption and authorization?






30. Which of the following malicious code will do its objectionable deed after a predetermined action takes place or at a specific time?






31. Which of the following MUST a programmer implement to prevent cross-site scripting?






32. Which of the following is the MOST secure method of utilizing FTP?






33. What port does the Domain Name Service (DNS) use by default?






34. Which of the following risks may result from improper use of social networking and P2P software?






35. Which of the following allows a security administrator to set device traps?






36. Risk can be managed in the following ways...






37. What key is used to encrypt an HTTPS session?






38. A remote office is reporting they are unable to access any of the network resources from the main office. The security administrator realizes the error and corrects it. The administrator then tries to ping the router at the remote office and receives






39. Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer?






40. You are the network admin for a large LAN with a single - firewall-protected - Internet connection. You want to analyze all network traffic in your local network for suspicious activities and receive a notification when a possible attack is in proces






41. A security administrator wants to know which systems are more susceptible to an attack compared to other systems on the network. Which of the following assessment tools would be MOST effective?






42. A security administrator finished taking a forensic image of a computer's memory. Which of the following should the administrator do to ensure image integrity?






43. Which of the following is used for exchanging secret keys over an insecure public network?






44. User in your department complain about a slow Internet connection. You monitor the external interface of your company's border router and notice a huge mount of half-open TCP connections. What type of attack is your company currently a victim of?






45. Which of the following manages peer authentication and key exchange for an IPSec connection?






46. Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?






47. Which of the following includes a photo and can be used for identification?






48. The security administrator implemented privacy password protected screen savers - and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate?






49. A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check?






50. Your organization has an existing server and you want to add a hardware device to provide encryption capabilities. What is the easiest way to accomplish this?