Test your basic knowledge | CompTIA Security+ Exam
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Which of the following is used for exchanging secret keys over an insecure public network?
Diffie-Hellman
Rootkit
DES
Integrity
2. Which of the following identifies some of the running services on a system?
Determine open ports
Load balancer
Cognitive passwords
Asymmetric and Hashing
3. A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which of the following?
Whaling
Hot and cold aisles
Segmentation of each wireless user from other wireless users
ICMP
4. Which of the following are accomplished when a message is digitally signed?
Run the image through SHA256.
The web site's private key.
Integrity and Authentication
Least privilege
5. Which of the following is true concerning email message encryption by using S/MIME?
Hot and cold aisles
Deny all
Only the message data is encrypted
The development team is transferring data to test systems using SFTP and SCP.
6. Which of the following devices would allow a technician to view IP headers on a data packet?
TLS
Chain of custody
Separation of duties
Protocol analyzer
7. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?
Social Engineering attack
Blind FTP
DES
DAC
8. A security administrator finished taking a forensic image of a computer's memory. Which of the following should the administrator do to ensure image integrity?
Data Encryption Standard (DES)
DMZ
Run the image through SHA256.
Footprinting
9. In an 802.11n network which of the following provides the MOST secure method of both encryption and authorization?
Hot and cold aisles
WPA Enterprise
Deny all
CAC
10. Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?
mitigation - acceptance - transference
53
Power levels
MD5
11. You want to improve security for remote administration to several Linux web servers on the Internet. The data as well as the authentication process needs to be encrypted. Which of the following should you do?
Smurf attack
Use SSH to connect to the Linux shell
Run the image through SHA256.
se file servers attached to an NAS system.
12. During the analysis of malicious code a security analyst discovers JavaScript being used to send random data to another service on the same system. This is MOST likely an example of which of the following?
Buffer overflow
Segmentation of each wireless user from other wireless users
Hierarchical list of critical systems
Lets you minimize the attack surface relating to the application
13. You discover that company confidential information is being encoded into graphics files and sent to a destination outside of the company. This is an example of what kind of cryptography?
Steganography
Account disablement
Mandatory vacations
ACLs
14. When examining HTTP server logs the security administrator notices that the company's online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?
Smurf attack
It is used to provide data encryption for WAP connections.
DoS
Availability
15. What principle requires that for a particular set of transactions - no one individual is solely responsible or allowed to execute the complete set?
Protocol analyzer
Polymorphic
Pharming - Logic bomb
Separation of duties
16. Which of the following tools provides the ability to determine if an application is transmitting a password in clear-text?
Risk transference
Protocol analyzer
Buffer overflow
Enact a policy banning users from bringing in personal music devices.
17. You are designing a Web-based application. You design the application so that it runs under a security context that allows only those privileges required for the application to run to minimize risk in the event of an attack. This is an example of whi
Data Encryption Standard (DES)
White box
Principle of least privilege
War driving
18. DRPs should contain which of the following?
Before and after the imaging process and then hash the forensic image
Phishing techniques
Business impact analysis
Hierarchical list of critical systems
19. Which of the following would provide the MOST reliable proof that a data center was accessed at a certain time of day?
Change Management System
TLS
Implicit deny
Video surveillance
20. What principle dictates that a user is given no more privilege than that required to perform his/her job?
Business impact analysis
Principle of least privilege
Integrity
Botnet
21. Which of the following is a technique designed to obtain information from a specific person?
IPSec
Spear phishing
Social Engineering attack
Baseline reporting
22. You need to advise a new wiring system for a company with several locations partly open to the public. A primary requirement is to make tapping into the network as difficult as possible. Which of the following cable types should you advise?
Logic Bomb
Fiber optic
Software as a Service
CCTV
23. Which of the following is a security control that is lost when using cloud computing?
SYN attacks
Spam filters
Organize data based on severity and asset value.
Physical control of the data
24. Which of the following is the BEST way to secure data for the purpose of retention?
Botnet
content inspection.
Off-site backup
Principle of least privilege
25. How a Trojan works: A user downloads a keygen to install pirated software. After running the keygen - system performance is ________________ are displayed.
Power levels
extremely slow and numerous antivirus alerts
TCP SYN flood attack
Before and after the imaging process and then hash the forensic image
26. Performing routine security audits is a form of which of the following controls?
FTPS
Detective
Spear phishing
Software as a Service
27. Which of the following describes a passive attempt to identify weaknesses?
Cross-site scripting
User rights and permissions reviews
NOOP instructions
Vulnerability scanning
28. Which of the following should NOT be used with username/password authentication?
Detective
Social Engineering attack
Spam filters
Cognitive passwords
29. Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?
Mantrap
Cross-site scripting
Footprinting
NOOP instructions
30. Which of the following BEST describes the proper method and reason to implement port security?
Hardware RAID 5 - Software RAID 1
escalation of privileges.
Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.
Principle of least privilege
31. An application log shows that the text 'test; rm -rf /etc/passwd' was entered into an HTML form. Which of the following describes the type of attack that was attempted?
Command injection
Footprinting
Dumpster diving - Shoulder surfing
Firewall rules - flow of network traffic at the edge of the network
32. A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?
To minimize the organizational risk posed by users
Rogue access points
Add input validation to forms.
MAC
33. Upper management decides which risk to mitigate based on cost. This is an example of:
1433
Rootkit
Loop protection
quantitative risk assessment
34. A remote office is reporting they are unable to access any of the network resources from the main office. The security administrator realizes the error and corrects it. The administrator then tries to ping the router at the remote office and receives
Risk transference
The remote router has ICMP blocked.
DoS
DES
35. A user reports that their 802.11n capable interface connects and disconnects frequently to an access point that was recently installed. The user has a Bluetooth enabled laptop. A company in the next building had their wireless network breached last m
The new access point was mis-configured and is interfering with another nearby access point.
User rights
Lets you minimize the attack surface relating to the application
25
36. You detected an intrusion and are taking the necessary steps to preserve the evidence. You want to make sure the evidence will be admissible in a court of law. What should you do?
Dumpster diving - Shoulder surfing
Ensure a proper chain of custody
SSH - SCP - and SFTP (the MOST secure method to transfer files from a host machine)
Data Encryption Standard (DES)
37. You are performing risk assessment for an organization. What should you do during impact assessment?
Determine the potential monetary costs related to a threat
TLS
NIDS
Shoulder surfing
38. A bulk update process fails and writes incorrect data throughout the database. Which of the following concepts describes what has been compromised?
By masking the IP address of internal computers from the Internet
SSL
Integrity
Dumpster diving
39. Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?
Principle of least privilege
Asset value
IDS
NOOP instructions
40. Actively monitoring data streams in search of malicious code or behavior is an example of:
BIOS
Confidentiality
content inspection.
War driving
41. On-going annual awareness security training should be coupled with:
CCTV
Confidentiality - Availability
signing of a user agreement.
Location that meets power and connectivity requirements - datacenter
42. What are typical elements of authentication as part of physical access controls?
ID badges
Clustering
Steganography
Cross-site scripting
43. Which of the following is used when performing a quantitative risk analysis?
DAC
Load balancer
Asset value
IPv6
44. The server log shows 25 SSH login sessions. It is a large company, and the administrator does not know if this is normal behavior or if the network is under attack. Where should the administrator look to determine if this is normal behavior?
Virtual servers have the same information security requirements as physical servers.
Baseline reporting
SSH - SCP - and SFTP (the MOST secure method to transfer files from a host machine)
User rights and permissions reviews
45. What fire suppression method should be used to extinguish an electrical fire in one of the racks in the server room?
Gas
Vulnerability scanning
Hot and cold aisles
Block port 23 on the network firewall.
46. Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks?
Add input validation to forms.
FTPS
Trojans
Load balancer
47. Which of the following describes the purpose of chain of custody as applied to forensic image retention?
To provide documentation as to who has handled the evidence
Validate input to remove hypertext
Principle of least privilege
53
48. Which of the following is a reason to perform user awareness and training?
To minimize the organizational risk posed by users
content inspection.
Rogue access points
FTPS
49. Which of the following would be implemented to allow access to services while segmenting access to the internal network?
Availability
DMZ
Spear phishing
Protocol analyzer
50. Which of the following is MOST relevant to a buffer overflow attack?
Minimize risk of physical data theft. - Minimize the impact of the failure of any one file server.
Account disablement
NOOP instructions
ACLs