Test your basic knowledge

CompTIA Security+ Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Which of the following tools provides the ability to determine if an application is transmitting a password in clear-text?






2. Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?






3. Which of the following malware types is an antivirus scanner MOST unlikely to discover?






4. Several staff members working in a datacenter have reported instances of tailgating. Which of the following could be implemented to prevent this security concern?






5. You detected an intrusion and are taking the necessary steps to preserve the evidence. You want to make sure the evidence will be admissible in a court of law. What should you do?






6. Which of the following protocols is often used in combination with L2TP to add an additional layer of security?






7. Which of the following is another name for a malicious attacker?






8. Which of the following facilitates computing for heavily utilized systems and networks?






9. In order to ensure high availability of all critical backups of the main data center are done in the middle of the night and then the backup tapes are taken to an offsite location. Which of the following would ensure the minimal amount of downtime in






10. Which of the following is specific to a buffer overflow attack?






11. You are performing risk assessment for an organization. What should you do during impact assessment?






12. Which of the following should be installed to prevent employees from receiving unsolicited emails?






13. NIDS can also be used to help identify...






14. Which of the following is a best practice when securing a switch from physical access?






15. Which of the following security threats does shredding mitigate?






16. Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?






17. When examining HTTP server logs, the security administrator notices that the company's online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?






18. Which of the following devices is often used to cache and filter content?






19. Which of the following would provide the MOST reliable proof that a data center was accessed at a certain time of day?






20. Which of the following is used when performing a qualitative risk analysis?






21. Which of the following would be implemented to allow access to services while segmenting access to the internal network?






22. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control. Which of the following data types will be unavailable for later investigation?






23. Which of the following environmental variables reduces the potential for static discharges?






24. Which of the following is NOT an application layer security protocol?






25. Which of the following are the default ports for HTTP and HTTPS protocols?






26. An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?






27. Upon investigation, an administrator finds a suspicious system-level kernel module which modifies file system operations. This is an example of which of the following?






28. What principle dictates that a user is given no more privilege than is required to perform his/her job?






29. A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?






30. Which of the following port numbers is used for SCP by default?






31. Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?






32. Which of the following environmental controls would BEST be used to regulate cooling within a datacenter?






33. Which of the following is a management control type?






34. Which of the following should be considered when trying to prevent somebody from capturing network traffic?






35. A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check?






36. Used in conjunction, which of the following are PII?






37. Your company wants a new web server that can be accessed both by users on your internal network and by users on the Internet. You advise the company to locate the server behind the corporate firewall so it can enjoy similar protection as the internal






38. A security administrator needs to separate two departments. Which of the following would the administrator implement to perform this?






39. Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?






40. Which protocol ensures private communications by ensuring that no third party can eavesdrop or tamper with any message or data transfer between client and server systems and is the successor to the Secure Sockets Layer (SSL)?






41. Which of the following encryption algorithms can be used in PGP for data encryption?






42. Which of the following will provide the HIGHEST level of wireless network security?






43. Which of the following can prevent an unauthorized employee from entering a data center?






44. Recovery Point Objectives and Recovery Time Objectives directly relate to which of the following BCP concepts?






45. The detection of a NOOP sled is an indication of which of the following attacks?






46. Which of the following is a technique designed to obtain information from a specific person?






47. Which of the following should be enabled to ensure only certain wireless clients can access the network?






48. The 64-bit block cipher with 16 iterations giving a 56-bit key is called?






49. A network administrator is implementing a network addressing scheme that uses a long string of both numbers and alphanumeric characters to create addressing options and avoid duplicates. Which of the following describes a protocol built for this purp






50. A user reports that their 802.11n-capable interface connects and disconnects frequently to an access point that was recently installed. The user has a Bluetooth-enabled laptop. A company in the next building had their wireless network breached last m