Test your basic knowledge

CompTIA Security+ Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?






2. Which of the following concepts ensures that the data is only viewable to authorized users?






3. You are performing risk assessment for an organization. What should you do during impact assessment?






4. Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?






5. Which protocol ensures private communications by ensuring that no third party can eavesdrop or tamper with any message or data transfer between client and server systems and is the successor to the Secure Sockets Layer (SSL)?






6. Which of the following BEST describes the proper method and reason to implement port security?






7. Which of the following is a security control that is lost when using cloud computing?






8. Which of the following can prevent an unauthorized employee from entering a data center?






9. You installed a new e-commerce application on your web server that will allow your company to take orders from their website. You want to ensure that information that customers enter into their web browser is sent securely to the web server. Which of






10. A network administrator is implementing a network addressing scheme that uses a long string of both numbers and alphanumeric characters to create addressing options and avoid duplicates. Which of the following describes a protocol built for this purp






11. Which of the following is a method to prevent ad-hoc configuration mistakes?






12. Which of the following devices is often used to cache and filter content?






13. You are determining environmental control requirements for a data center that will contain several computers. What is the role of an HVAC system in this environment?






14. What is the term used to describe the type of attack where a DNS server accepts and uses incorrect information from a host that does not have authority to supply that information?






15. Which of the following protocols should be blocked at the network perimeter to prevent host enumeration by sweep devices?






16. Which of the following is a technique designed to obtain information from a specific person?






17. An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?






18. A new enterprise solution is currently being evaluated due to its potential to increase the company's profit margins. The security administrator has been asked to review its security implications. While evaluating the various vulnerability scans were






19. Which of the following describes a passive attempt to identify weaknesses?






20. A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?






21. The security administrator implemented privacy password protected screen savers, and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate?






22. The 64-bit block cipher with 16 iterations giving a 56-bit key is called?






23. Which of the following threats corresponds with an attacker targeting specific employees of a company?






24. Which of the following is a reason to perform user awareness and training?






25. What key is used to encrypt an HTTPS session?






26. What is the term used to describe the type of FTP access in which the user does not have permissions to list the content of directories but can access the contents if he knows the path and file name?






27. Which of the following includes a photo and can be used for identification?






28. Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?






29. By default, which of the following stops network traffic when the traffic is not identified in the firewall ruleset?






30. Which of the following manages peer authentication and key exchange for an IPSec connection?






31. Which of the following malware types is an antivirus scanner MOST unlikely to discover?






32. Which of the following environmental controls would BEST be used to regulate cooling within a datacenter?






33. A technician needs to limit the wireless signal from reaching outside of a building. Which of the following actions should the technician take?






34. A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?






35. Users in your department complain about a slow Internet connection. You monitor the external interface of your company's border router and notice a huge amount of half-open TCP connections. What type of attack is your company currently a victim of?






36. Used in conjunction, which of the following are PII?






37. Users of specific systems are reporting that their data has been corrupted. After a recent patch update to those systems the users are still reporting issues of data being corrupt. Which of the following assessment techniques need to be performed to






38. A system administrator could have a user level account and an administrator account to prevent:...






39. What fire suppression method should be used to extinguish an electrical fire in one of the racks in the server room?






40. In order to ensure high availability of all critical backups of the main data center are done in the middle of the night and then the backup tapes are taken to an offsite location. Which of the following would ensure the minimal amount of downtime in






41. In order to provide flexible working conditions a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access?






42. A small company needs to invest in a new expensive database. The company's budget does not include the purchase of additional servers or personnel. Which of the following solutions would allow the small company to save money on hiring additional pers






43. Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?






44. Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer?






45. Which of the following port numbers is used for SCP by default?






46. Two systems are being designed. System A has a high availability requirement. System B has a high security requirement with less emphasis on system uptime. Which of the following configurations BEST fits the need for each system?






47. Applying detailed instructions to manage the including allowing or denying traffic based on port, protocol, address, or direction is an implementation of which of the following?






48. Performing routine security audits is a form of which of the following controls?






49. Which of the following is specific to a buffer overflow attack?






50. A rogue access point with the same SSID as the production wireless network is found. Which of the following BEST describes this attack?