Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?






2. Which of the following is not an asymmetric system?






3. You want to improve security for remote administration to several Linux web servers on the Internet. The data as well as the authentication process needs to be encrypted. Which of the following should you do?






4. You are designing a Web-based application. You design the application so that it runs under a security context that allows only those privileges required for the application to run to minimize risk in the event of an attack. This is an example of whi






5. Which of the following is the default rule found in a corporate firewall's access control list?






6. You have several computers that use the NTLM authentication protocol for client authentication. Network policy requires user passwords with at least 16 characters. What hash algorithm is used for password authentication?






7. Which of the following should NOT be used with username/password authentication?






8. What asymmetric key is used to decrypt when using HTTPS?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


9. An application log shows that the text 'test; rm -rf /etc/passwd' was entered into an HTML form. Which of the following describes the type of attack that was attempted?






10. Which of the following is a security control that is lost when using cloud computing?






11. In an 802.11n network which of the following provides the MOST secure method of both encryption and authorization?






12. Which of the following threats corresponds with an attacker targeting specific employees of a company?






13. Which of the following reduces the likelihood of a single point of failure when a server fails?






14. The security administrator notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likel






15. Which of the following should be installed to prevent employees from receiving unsolicited emails?






16. Which of the following is true regarding the WTLS protocol?






17. What is the term used to describe the type of attack where a DNS server accepts and uses incorrect information from a host that does not have authority to supply that information?






18. NIDS can also be used to help identify...






19. Which of the following uses TCP port 22 by default?






20. A remote office is reporting they are unable to access any of the network resources from the main office. The security administrator realizes the error and corrects it. The administrator then tries to ping the router at the remote office and receives






21. Which of the following port numbers is used for SCP by default?






22. Which of the following attacks is BEST described as the interruption of network traffic accompanied by the insertion of malicious code?






23. What is the advantage of using application virtualization?






24. Upon investigation an administrator finds a suspicious system-level kernel module which modifies file system operations. This is an example of which of the following?






25. The detection of a NOOP sled is an indication of which of the following attacks?






26. You want to setup a secure method of sending and receiving email. Which two of the following protocols can be used for this purpose?






27. Your daily bandwidth monitoring report of your Internet connection shows an excessive amount of outgoing traffic on port 25. You have seen peaks in the reports before but this report shows many peaks outside office times. What should you do?






28. In order to provide flexible working conditions a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access?






29. How a Trojan works: A user downloads a keygen to install pirated software. After running the keygen - system performance is ________________ are displayed.






30. Which of the following environmental variables reduces the potential for static discharges?






31. Upper management decides which risk to mitigate based on cost. This is an example of:






32. Which of the following should be reviewed periodically to ensure a server maintains the correct security configuration?






33. You discover that company confidential information is being encoded into graphics files and sent to a destination outside of the company. This is an example of what kind of cryptography?






34. The 64 bit block cipher with 16 iterations giving a 56 bit key is called?






35. Which of the following is the BEST way to secure data for the purpose of retention?






36. Your organization has an existing server and you want to add a hardware device to provide encryption capabilities. What is the easiest way to accomplish this?






37. Which of the following would be the BEST action to perform when conducting a corporate vulnerability assessment?






38. Which of the following attacks is NOT aimed at fragmentation vulnerabilities of the IP stack?






39. Which type of virus is able to alter its own code to avoid being detected by anti-virus software?






40. Which of the following is specific to a buffer overflow attack?






41. A new enterprise solution is currently being evaluated due to its potential to increase the company's profit margins. The security administrator has been asked to review its security implications. While evaluating the various vulnerability scans were






42. Which of the following describes when forensic hashing should occur on a drive?






43. You are looking for ways to protect data on a network. Your solution should: Provide for easy backup of all user data.






44. Webmail is classified under which of the following cloud-based technologies?






45. Which of the following BEST explains the security benefit of a standardized server image?






46. An attacker forces a Windows service that uses the Local System account as its service account to crash. The attacker is able to access administrator-level resources as a result. What kind of attack is this?






47. A security administrator is in charge of a a hot site and a cold site. Due to a recent disaster - the administrator needs to ensure that their cold site is ready to go in case of a disaster. Which of the following does the administrator need to ensur






48. Your organization recently purchased several new laptop computers for employees. You're asked to encrypt the laptop's hard drives without purchasing any additional hardware. What would you use?






49. The security administrator is getting reports from users that they are accessing certain websites and are unable to download anything off of those sites. The security administrator is also receiving several alarms from the IDS about suspicious traffi






50. A rogue access point with the same SSID as the production wireless network is found. Which of the following BEST describes this attack?