Test your basic knowledge | CompTIA Security+ Exam
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Which of the following malware types is MOST commonly installed through the use of thumb drives to compromise systems and provide unauthorized access?
Pharming - Logic bomb
Ensure a proper chain of custody
Rogue access points
Trojans
2. With which of the following is RAID MOST concerned?
SYN attacks
Availability
CAC
Cross-site scripting
3. The server log shows 25 SSH login sessions. It is a large company, and the administrator does not know if this is normal behavior or if the network is under attack. Where should the administrator look to determine if this is normal behavior?
Hardware RAID 5 - Software RAID 1
Clean desk policy
Baseline reporting
Visibility - Accessibility - Neighborhood crime rate
4. Which of the following describes a passive attempt to identify weaknesses?
Software as a Service
Asset value
quantitative risk assessment
Vulnerability scanning
5. Which of the following concepts ensures that the data is only viewable to authorized users?
Fraud
Confidentiality
ICMP
MAC filtering
6. Which of the following are the default ports for HTTP and HTTPS protocols?
Baseline reporting
80 - 443
Ensure a proper chain of custody
Principle of least privilege
7. You discover that company confidential information is being encoded into graphics files and sent to a destination outside of the company. This is an example of what kind of cryptography?
Check if relaying is denied for unauthorized domains
IDEA and TripleDes
Multi-factor authentication.
Steganography
8. Which of the following includes a photo and can be used for identification?
CAC
Content filtering
Chain of custody
53
9. Which of the following is specific to a buffer overflow attack?
Vulnerability scanning
The server is missing the default gateway.
SSH
Initial vector
10. A system administrator could have a user level account and an administrator account to prevent:...
War driving
escalation of privileges.
Confidentiality
Check if relaying is denied for unauthorized domains
11. A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?
IPSec
Privilege escalation
Mandatory vacation
Add input validation to forms.
12. Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?
IDS
Fraud
Initial vector
WPA2-PSK
13. MAC filtering is a form of which of the following?
TLS
NIDS
MAC address
Network Access Control
14. A bulk update process fails and writes incorrect data throughout the database. Which of the following concepts describes what has been compromised?
Loop protection
Integrity
IPv6
PEAP-TLS
15. Which of the following is used when performing a qualitative risk analysis?
Deny all
Virtual servers have the same information security requirements as physical servers.
Logic Bomb
Judgment
16. Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks?
Load balancer
SYN attacks
Shoulder surfing
Decrease the power levels on the WAP
17. Which of the following BEST describes the proper method and reason to implement port security?
Confidentiality
Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.
MAC
Fiber optic
18. Risk can be managed in the following ways...
mitigation - acceptance - transference
22
DES
escalation of privileges.
19. Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?
Spam filters
War driving
The development team is transferring data to test systems using SFTP and SCP.
System A fails open. System B fails closed.
20. You want to set up a secure method of sending and receiving email. Which two of the following protocols can be used for this purpose?
The PC has become part of a botnet.
CAC
S/MIME PGP
IPSec
21. Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?
Cross-site scripting
Vulnerability scan
WPA2
WPA2-PSK
22. Which of the following protocols is often used in combination with L2TP to add an additional layer of security?
WPA2
Load balancer
IPSec
AES and TKIP
23. Which of the following MUST a programmer implement to prevent cross-site scripting?
IDEA and TripleDes
Validate input to remove hypertext
Privacy policy
The new access point was mis-configured and is interfering with another nearby access point.
24. A company needs to be able to prevent entry at all times - to a highly sensitive area inside a public building. In order to ensure the BEST type of physical security - which of the following should be implemented?
BIOS
Judgment
Mantrap
Data Encryption Standard (DES)
25. During the analysis of malicious code a security analyst discovers JavaScript being used to send random data to another service on the same system. This is MOST likely an example of which of the following?
Buffer overflow
Before and after the imaging process and then hash the forensic image
SSH - SCP - and SFTP (the MOST secure method to transfer files from a host machine)
Availability
26. Which of the following are important physical security considerations when choosing a location for a new remote branch office?
MAC
Confidentiality - Availability
Add input validation to forms.
Visibility - Accessibility - Neighborhood crime rate
27. A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which of the following?
SSH
IKE
Whaling
User rights and permissions reviews
28. DRPs should contain which of the following?
Ensure a proper chain of custody
CCTV
Having the offsite location of tapes also be the hot siteservers
Hierarchical list of critical systems
29. A visitor plugs their laptop into the network and receives a warning about their antivirus being out-of-date along with various patches that are missing. The visitor is unable to access the Internet or any network resources. Which of the following is
Disable unused services - Update HIPS signatures
The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.
The user's PC is missing the authentication agent.
IPSec
30. Webmail is classified under which of the following cloud-based technologies?
Mantraps
Firewall rulesflow of network traffic at the edge of the network
S/MIME PGP
Software as a Service (SaaS)
31. The detection of a NOOP sled is an indication of which of the following attacks?
Mandated security configurations have been made to the operating system.
80 - 443
DMZ
Buffer overflow
32. A security administrator is in charge of a hot site and a cold site. Due to a recent disaster - the administrator needs to ensure that their cold site is ready to go in case of a disaster. Which of the following does the administrator need to ensur
Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.
Location that meets power and connectivity requirementsdatacenter
Phishing techniques
Fiber optic
33. Performing routine security audits is a form of which of the following controls?
Detective
Polymorphic
MS-CHAP
Smurf attack
34. You are designing a Web-based application. You design the application so that it runs under a security context that allows only those privileges required for the application to run to minimize risk in the event of an attack. This is an example of whi
Confidentiality
Principle of least privilege
ICMP
Cognitive passwords
35. A security administrator needs to separate two departments. Which of the following would the administrator implement to perform this?
Social Engineering attack
Video surveillance
Rogue access point
VLAN
36. Which of the following malicious code will do its objectionable deed after a predetermined action takes place or at a specific time?
FTPS
Content filtering
Phishing techniques
Logic Bomb
37. Which of the following risks may result from improper use of social networking and P2P software?
Information disclosure
Shielding
Spam filters
The new access point was mis-configured and is interfering with another nearby access point.
38. An administrator identifies a security issue on but does not attempt to exploit it. Which of the following describes what the administrator has done?
Vulnerability scan
MAC address
DES
1433
39. Which type of virus is able to alter its own code to avoid being detected by anti-virus software?
By masking the IP address of internal computers from the Internet
Principle of least privilege
Polymorphic
VLAN segregation
40. Which of the following is a detective security control?
CCTV
Ensure a proper chain of custody
Protocol analyzer
Lets you minimize the attack surface relating to the application
41. Which of the following access control models allows classification and labeling of objects?
MAC
Dumpster diving
Detective
Principle of least privilege
42. When examining HTTP server logs the security administrator notices that the company's online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?
Vulnerability scanning
DoS
Principle of least privilege
Hardware RAID 5 - Software RAID 1
43. Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?
Tailgating
Integrity and Authentication
The web site's public key.
Protocol analyzer
44. Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?
25
Software as a Service
Symmetric
Initial vector
45. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control server. If the computer is powered off which of the following data types will be unavailable for later investigation?
Birthday - Full name
Memory - network processes - and system processes
The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.
ID badges
46. Which of the following is a reason to perform user awareness and training?
se file servers attached to an NAS system.
The web site's private key.
The user's PC is missing the authentication agent.
To minimize the organizational risk posed by users
47. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?
DAC
Vulnerability scan
22
Firewall rulesflow of network traffic at the edge of the network
48. A user receives an automated call which appears to be from their bank. The automated recording provides details about the bank's privacy policy security policy and requests that the user clearly state their name - birthday and enter the banking detai
Vishing
Risk transference
Cross-site scripting
DMZ
49. Which of the following should be reviewed periodically to ensure a server maintains the correct security configuration?
The user's PC is missing the authentication agent.
Check if relaying is denied for unauthorized domains
User rights
Integrity and Authentication
50. Which of the following security threats does shredding mitigate?
Judgment
Principle of least privilege
Dumpster diving
Asset value