Test your basic knowledge | CompTIA Security+ Exam
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. On-going annual awareness security training should be coupled with:
Shoulder surfing
Vulnerability scanner
Platform as a Service
signing of a user agreement.
2. Which of the following includes a photo and can be used for identification?
Phishing techniques
CAC
Enact a policy banning users from bringing in personal music devices.
CCTV
3. Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer?
AC filtering - Disabled SSID broadcast
Availability
Trojans
Bluesnarfing
4. Which of the following is an unauthorized wireless router that allows access to a secure network?
The web site's public key.
Rogue access point
SYN attacks
Visibility - Accessibility - Neighborhood crime rate
5. Which of the following protocols is often used in combination with L2TP to add an additional layer of security?
Ensure a proper chain of custody
Minimize risk of physical data theft. - Minimize the impact of the failure of any one file server.
IPSec
Hot and cold aisles
6. Which of the following is used when performing a quantitative risk analysis?
Platform as a Service
Asset value
53
Fraud
7. What allows for all activities on a network or system to be traced to the user who performed them?
PEAP-TLS
Segmentation of each wireless user from other wireless users
Lets you minimize the attack surface relating to the application
Accountability
8. Which of the following encryption algorithms can be used in PGP for data encryption?
IDEA and TripleDes
Chain of custody
War driving
NOOP instructions
9. What principle dictates that a user is given no more privilege than is required to perform his/her job?
Principle of least privilege
Fiber optic
NIDS
Asymmetric and Hashing
10. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control server. If the computer is powered off, which of the following data types will be unavailable for later investigation?
Risk assessmentproduct
Only the message data is encrypted
Memory - network processes - and system processes
Run the image through SHA256.
11. A technician needs to limit the wireless signal from reaching outside of a building. Which of the following actions should the technician take?
ICMP
escalation of privileges.
Check if relaying is denied for unauthorized domains
Decrease the power levels on the WAP
12. Which of the following is MOST likely to be the last rule contained on any firewall?
Rogue access points
ACLs
Implicit deny
Integrity and Authentication
13. Which of the following would be implemented to allow access to services while segmenting access to the internal network?
DMZ
SSL
Determine open ports
NIPS is blocking activities from those specific websites.
14. A critical system in the datacenter is not connected to a UPS. The security administrator has coordinated an authorized service interruption to resolve this issue. This is an example of which of the following?
Provider cloud
Fault tolerance
Dumpster diving - Shoulder surfing
HSM
15. Which of the following risks may result from improper use of social networking and P2P software?
Polymorphic
NIPS is blocking activities from those specific websites.
Lets you minimize the attack surface relating to the application
Information disclosure
16. Which of the following manages peer authentication and key exchange for an IPSec connection?
Least privilege
IKE
The user's PC is missing the authentication agent.
Trojans
17. You are designing a Web-based application. You design the application so that it runs under a security context that allows only those privileges required for the application to run to minimize risk in the event of an attack. This is an example of whi
Logic Bomb
The web site's private key.
Principle of least privilege
extremely slow and numerous antivirus alerts
18. A bulk update process fails and writes incorrect data throughout the database. Which of the following concepts describes what has been compromised?
MAC filtering
Decrease the power levels on the WAP
Integrity
Whaling
19. Which of the following would allow traffic to be redirected through a malicious machine by sending false hardware address updates to a switch?
Protocol analyzer
ARP poisoning
Disable unused ports
Vulnerability scanning
20. Your company wants a new web server that can be accessed both by users on your internal network and by users on the Internet. You advise the company to locate the server behind the corporate firewall so it can enjoy similar protection as the internal
DMZ
Network Access Control
Change Management System
Firewall - VPN
21. By default which of the following stops network traffic when the traffic is not identified in the firewall ruleset?
Ensure a proper chain of custody
Cross-site scripting
Implicit deny
Chain of custody
22. A remote office is reporting they are unable to access any of the network resources from the main office. The security administrator realizes the error and corrects it. The administrator then tries to ping the router at the remote office and receives
The remote router has ICMP blocked.
Visibility - Accessibility - Neighborhood crime rate
Having the offsite location of tapes also be the hot siteservers
Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.
23. What is the advantage of using application virtualization?
Lets you minimize the attack surface relating to the application
DAC
Virtual servers have the same information security requirements as physical servers.
25
24. Which of the following threats corresponds with an attacker targeting specific employees of a company?
TPM
EMI shielding
Command injection
Spear phishing
25. Which of the following is used for exchanging secret keys over an insecure public network?
Diffie-Hellman
SSH
DAC
Install a network-based IDS
26. Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?
Forward to different RDP listening ports.
War driving
Risk transference
Check if relaying is denied for unauthorized domains
27. Upper management decides which risk to mitigate based on cost. This is an example of:
Vulnerability scan
Fraud
quantitative risk assessment
Least privilege
28. Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?
quantitative risk assessment
escalation of privileges.
Check if relaying is denied for unauthorized domains
Tailgating
29. Recovery Point Objectives and Recovery Time Objectives directly relate to which of the following BCP concepts?
Business impact analysis
quantitative risk assessment
53
mitigation - acceptance - transference
30. Which of the following BEST describes the proper method and reason to implement port security?
Run the image through SHA256.
Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.
Virtual servers have the same information security requirements as physical servers.
Buffer overflow
31. Which of the following environmental variables reduces the potential for static discharges?
BIOS
quantitative risk assessment
Disable unused ports
Humidity
32. Which of the following concepts ensures that the data is only viewable to authorized users?
Gas
Proxies
Decrease the power levels on the WAP
Confidentiality
33. Which of the following BEST explains the security benefit of a standardized server image?
Confidentiality
Clustering
Power levels
Mandated security configurations have been made to the operating system.
34. When configuring multiple computers for RDP on the same wireless router it may be necessary to do which of the following?
Forward to different RDP listening ports.
ARP poisoning
Birthday - Full name
Mandatory vacation
35. Which of the following devices would allow a technician to view IP headers on a data packet?
Fault tolerance
Protocol analyzer
ID badges
Data Encryption Standard (DES)
36. The 64 bit block cipher with 16 iterations giving a 56 bit key is called?
VLAN segregation
Data Encryption Standard (DES)
The web site's public key.
Vulnerability scanning
37. DRPs should contain which of the following?
Organize data based on severity and asset value.
Vulnerability scanning
System A fails open. System B fails closed.
Hierarchical list of critical systems
38. Which of the following devices is often used to cache and filter content?
Proxies
Integrity and Authentication
Implicit deny
ACLs
39. Which of the following should be considered when trying to prevent somebody from capturing network traffic?
EMI shielding
IPSec
Organize data based on severity and asset value.
Protocol analyzer
40. Data can potentially be stolen from a disk screen-lock protected - smartphone by which of the following?
Hardware RAID 5 - Software RAID 1
Smurf attack
Bluesnarfing
smurf attacks
41. A security firm has been engaged to assess a software application. A production-like test environment login details - production documentation and source code have been provided. Which of the following types of testing is being described?
White box
Lets you minimize the attack surface relating to the application
Asymmetric and Hashing
Privilege escalation
42. An IT administrator wants to provide 250 staff with secure remote access to the corporate network. Which of the following BEST achieves this requirement?
VPN concentrator
SNMP (also use to monitor the parameters of network devices)
Disable unused ports
TLS
43. The security administrator implemented privacy password protected screen savers - and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate?
The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.
The PC has become part of a botnet.
Firewall rulesflow of network traffic at the edge of the network
Dumpster diving - Shoulder surfing
44. An existing application has never been assessed from a security perspective. Which of the following is the BEST assessment technique in order to identify the application's security posture?
CAC
Steganography
Baseline reporting
Check if relaying is denied for unauthorized domains
45. Which of the following is a method to prevent ad-hoc configuration mistakes?
Hierarchical list of critical systems
Before and after the imaging process and then hash the forensic image
To minimize the organizational risk posed by users
Implement a change management strategy
46. For which of the following is centralized key management most complicated?
Symmetric Key
Vulnerability scan
Phishing techniques
Rogue access points
47. A set of instructions normally implemented on a computer system as a procedure to manipulate data is called a(n)?
Confidentiality
MAC address
NIPS is blocking activities from those specific websites.
Algorithm
48. Due to sensitive data concerns a security administrator has enacted a policy preventing the use of flash drives. Additionally - which of the following can the administrator implement to reduce the risk of data leakage?
Enact a policy banning users from bringing in personal music devices.
Hot and cold aisles
DMZ
VLAN
49. Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?
Power levels
22
Man-in-the-middle
Buffer overflow
50. What asymmetric key is used to encrypt when using HTTPS?