Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which of the following allows a security administrator to set device traps?






2. Network users whose computers are running Windows7 complain that the extra windows that appear when they browse the Internet are becoming a nuisance. You need to minimize how often these windows appear. What should you do?






3. Which environmental control is part of TEMPEST compliance?






4. Isolation mode on an AP provides which of the following functionality types?






5. You installed a new e-commerce application on your web server that will allow your company to take orders from their website. You want to ensure that information that customers enter into their web browser is sent securely to the web server. Which of






6. Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?






7. Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks?






8. An administrator identifies a security issue on but does not attempt to exploit it. Which of the following describes what the administrator has done?






9. A security engineer is troubleshooting a server which cannot be reached from the Internet or the internal network. All other servers on the DMZ are able to communicate with this server. Which of the following is the MOST likely cause?






10. A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?






11. A company needs to be able to prevent entry at all times - to a highly sensitive area inside a public building. In order to ensure the BEST type of physical security - which of the following should be implemented?






12. Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?






13. Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?






14. Which of the following identifies some of the running services on a system?






15. Which of the following malware types is an antivirus scanner MOST unlikely to discover?






16. Which of the following risks may result from improper use of social networking and P2P software?






17. You are designing a Web-based application. You design the application so that it runs under a security context that allows only those privileges required for the application to run to minimize risk in the event of an attack. This is an example of whi






18. A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check?






19. What key is used to encrypt an HTTPS session?






20. NIDS can also be used to help identify...






21. Which of the following protocols is often used in combination with L2TP to add an additional layer of security?






22. An existing application has never been assessed from a security perspective. Which of the following is the BEST assessment technique in order to identify the application's security posture?






23. Which of the following is NOT an application layer security protocol?






24. What port does the Domain Name Service (DNS) use by default?






25. Which of the following is used when performing a qualitative risk analysis?






26. Which of the following logical controls does a flood guard protect against?






27. Users of specific systems are reporting that their data has been corrupted. After a recent patch update to those systems the users are still reporting issues of data being corrupt. Which of the following assessment techniques need to be performed to






28. An administrator is updating firmware on routers throughout the company. Where should the administrator document this work?






29. Which of the following is the BEST way to secure data for the purpose of retention?






30. Which of the following is specific to a buffer overflow attack?






31. Which of the following port numbers is used for SCP by default?






32. You detected an intrusion and are taking the necessary steps to preserve the evidence. You want to make sure the evidence will be admissible in a court of law. What should you do?






33. A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability?






34. An IT administrator wants to provide 250 staff with secure remote access to the corporate network. Which of the following BEST achieves this requirement?






35. Several staff members working in a datacenter have reported instances of tailgating. Which of the following could be implemented to prevent this security concern?






36. Data can potentially be stolen from a disk screen-lock protected - smartphone by which of the following?






37. You are determining environmental control requirements for a data center that will contain several computers? What is the role of an HVAC system in this environment?






38. Used in conjunction which of the following are PII?






39. Upon investigation an administrator finds a suspicious system-level kernel module which modifies file system operations. This is an example of which of the following?






40. Which of the following is the default rule found in a corporate firewall's access control list?






41. Instead of giving a security administrator full the administrator is given rights only to review logs and update security related network devices. Additional rights are handed out to network administrators for the areas that fall within their job des






42. A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which of the following?






43. Separating of duties is valuable in deterring?






44. Which of the following is not an asymmetric system?






45. You need to advise a new wiring system for a company with several locations partly open to the public. A primary requirement is to make tapping into the network as difficult as possible. Which of the following cable types should you advice?






46. You want to setup a secure method of sending and receiving email. Which two of the following protocols can be used for this purpose?






47. Upper management decides which risk to mitigate based on cost. This is an example of:






48. Which of the following would be implemented to allow access to services while segmenting access to the internal network?






49. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control which of the following data types will be unavailable for later investigation?






50. Which of the following should a security administrator implement to prevent users from disrupting network connectivity if a user connects both ends of a network cable to different switch ports?