Test your basic knowledge | CompTIA Security+ Exam
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Which of the following is a detective security control?
To minimize the organizational risk posed by users
CCTV
Cognitive passwords
SSH - SCP - and SFTP (the MOST secure method to transfer files from a host machine)
2. Which of the following is another name for a malicious attacker?
Implement a change management strategy
Black hat
Ensure a proper chain of custody
By masking the IP address of internal computers from the Internet
3. Which of the following describes a passive attempt to identify weaknesses?
Check if relaying is denied for unauthorized domains
Vulnerability scanning
VLAN segregation
IPv6
4. A security administrator is in charge of a hot site and a cold site. Due to a recent disaster - the administrator needs to ensure that their cold site is ready to go in case of a disaster. Which of the following does the administrator need to ensur
Account disablement
Birthday - Full name
22
Location that meets power and connectivity requirementsdatacenter
5. Several staff members working in a datacenter have reported instances of tailgating. Which of the following could be implemented to prevent this security concern?
DMZ
Integrity
Mantraps
Software as a Service
6. The 64 bit block cipher with 16 iterations giving a 56 bit key is called?
Mantraps
Data Encryption Standard (DES)
IDS
User rights and permissions reviews
7. An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?
Platform as a Service
Shoulder surfing
1433
Spear phishing
8. What port does the Domain Name Service (DNS) use by default?
Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.
53
Smurf attack
Determine the potential monetary costs related to a threat
9. Which of the following is MOST relevant to a buffer overflow attack?
War driving
Firewall rules
NOOP instructions
Deny all
10. By default which of the following stops network traffic when the traffic is not identified in the firewall ruleset?
Botnet
White box
Implicit deny
Information disclosure
11. Based on logs from file servers - remote access systems - and IDS - a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss - but the insider's lawyer insis
Principle of least privilege
Availability
MAC address
Botnet
12. Which of the following protocols should be blocked at the network perimeter to prevent host enumeration by sweep devices?
Location that meets power and connectivity requirementsdatacenter
ICMP
Availability
Memory - network processes - and system processesserver. If the computer is powered off
13. Which of the following is the BEST way to secure data for the purpose of retention?
Off-site backup
Fiber optic
Accountability
Buffer overflow
14. What principle dictates that a user is given no more privilege than that required to perform his/her job?
Man-in-the-middle
Use SSH to connect to the Linux shell
Principle of least privilege
Asymmetric and Hashing
15. Which of the following would be the BEST action to perform when conducting a corporate vulnerability assessment?
Evil twin
Validate input to remove hypertext
Organize data based on severity and asset value.
Least privilege
16. Which of the following should be performed on a computer to protect the operating system from malicious software?
Disable unused services - Update HIPS signatures
Load balancer
Clean desk policy
IDS
17. Risk can be managed in the following ways...
Check if relaying is denied for unauthorized domains
The new access point was mis-configured and is interfering with another nearby access point.
Cognitive passwords
mitigation - acceptance - transference
18. Users in your company use a smart card and fingerprint scan to authenticate to the network. Which of the following authentication methods is used in your company?
Provider cloud
Multi-factor authentication.
Risk assessmentproduct Answer: D
Deny all
19. A critical system in the datacenter is not connected to a UPS. The security administrator has coordinated an authorized service interruption to resolve this issue. This is an example of which of the following?
Visibility - Accessibility - Neighborhood crime rate
Shielding
SNMP (also used to monitor the parameters of network devices)
Fault tolerance
20. Which of the following security threats does shredding mitigate?
Mantraps
Dumpster diving
SSH - SCP - and SFTP (the MOST secure method to transfer files from a host machine)
Off-site backup
21. An application log shows that the text 'test; rm -rf /etc/passwd' was entered into an HTML form. Which of the following describes the type of attack that was attempted?
SSH - SCP - and SFTP (the MOST secure method to transfer files from a host machine)
Black hat
Command injection
extremely slow and numerous antivirus alerts
22. In an 802.11n network which of the following provides the MOST secure method of both encryption and authorization?
SNMP (also used to monitor the parameters of network devices)
WPA Enterprise
Determine open ports
Only the message data is encrypted
23. Which of the following describes the purpose of chain of custody as applied to forensic image retention?
Run the image through SHA256. Answer: D
Add input validation to forms.
Off-site backup
To provide documentation as to who has handled the evidence
24. Which of the following is not an asymmetric system?
MAC address
Gas
DES
Disable unused services - Update HIPS signatures
25. Which of the following assists in identifying if a system was properly handled during transport?
Chain of custody
Validate input to remove hypertext
Whaling
Cross-site scripting
26. Which solution should you use?
Footprinting
Bluesnarfing
se file servers attached to an NAS system.
Firewall rules
27. Which of the following environmental controls would BEST be used to regulate cooling within a datacenter?
Mandated security configurations have been made to the operating system.
Integrity and Authentication
Virtual servers have the same information security requirements as physical servers.
Hot and cold aisles
28. The security administrator notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likel
Confidentiality
The development team is transferring data to test systems using SFTP and SCP.
Principle of least privilege
Blind FTP
29. Users of specific systems are reporting that their data has been corrupted. After a recent patch update to those systems the users are still reporting issues of data being corrupt. Which of the following assessment techniques need to be performed to
Privilege escalation
Cross-site scripting
Vulnerability scan
Load balancer
30. A technician needs to limit the wireless signal from reaching outside of a building. Which of the following actions should the technician take?
The server is missing the default gateway.
Command injection
NIDS
Decrease the power levels on the WAP
31. Data can potentially be stolen from a disk screen-lock protected - smartphone by which of the following?
Bluesnarfing
Asymmetric and Hashing
Confidentiality
A system that stops an attack in progress.
32. A security engineer is troubleshooting a server which cannot be reached from the Internet or the internal network. All other servers on the DMZ are able to communicate with this server. Which of the following is the MOST likely cause?
The server is missing the default gateway.
Fiber optic
Implicit deny
Man-in-the-middle
33. Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?
1433
DMZ
Tailgating
SSH
34. Which of the following is a technique designed to obtain information from a specific person?
Whaling
Spear phishing
Minimize risk of physical data theft. - Minimize the impact of the failure of any one file server.
Polymorphic
35. Which of the following manages peer authentication and key exchange for an IPSec connection?
To provide documentation as to who has handled the evidence
Rogue access point
Firewall rules
IKE
36. A security administrator wants to know which systems are more susceptible to an attack compared to other systems on the network. Which of the following assessment tools would be MOST effective?
Vulnerability scanner
Ensure a proper chain of custody
The PC has become part of a botnet.
EMI shielding
37. Which of the following identifies some of the running services on a system?
The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.
Integrity and Authentication
Determine open ports
User rights
38. A company that purchases insurance to reduce risk is an example of which of the following?
IPSec
Fiber optic
To provide documentation as to who has handled the evidence
Risk transference
39. Which of the following is MOST likely to be the last rule contained on any firewall?
DMZ
Privilege escalation
Implicit deny
Spear phishing
40. Applying detailed instructions to manage the flow of network traffic at the edge of the network - including allowing or denying traffic based on port - protocol - address - or direction is an implementation of which of the following?
Firewall rules
To ensure that staff understands what data they are handling and processing
Determine the potential monetary costs related to a threat
Confidentiality - Availability
41. NIDS can also be used to help identify...
S/MIME PGP
System A fails open. System B fails closed.
smurf attacks
MS-CHAP
42. Which of the following threats corresponds with an attacker targeting specific employees of a company?
BIOS
Spear phishing
Black hat
Mandatory vacations
43. Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?
The web site's public key.
Lets you minimize the attack surface relating to the application
Power levels
Polymorphic
44. You installed a new e-commerce application on your web server that will allow your company to take orders from their website. You want to ensure that information that customers enter into their web browser is sent securely to the web server. Which of
SSL
Virtual servers have the same information security requirements as physical servers.
VPN concentrator
Install a network-based IDS
45. Which environmental control is part of TEMPEST compliance?
Shielding
Security guard - Proximity reader
NIDS
MD5
46. Which of the following would provide the MOST reliable proof that a data center was accessed at a certain time of day?
Man-in-the-middle
MD5
Video surveillance
Algorithm
47. An administrator is updating firmware on routers throughout the company. Where should the administrator document this work?
HSM
Clean desk policy
Mantraps
Change Management System
48. Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?
Firewall - VPN
SSL
Least privilege
War driving
49. Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?
Protocol analyzer
The PC has become part of a botnet.
Clean desk policy
Firewall rules
50. What is the term used to describe the type of attack where a DNS server accepts and uses incorrect information from a host that does not have authority to supply that information?
Implement a change management strategy
SSH
AES and TKIP
DNS spoofing