Test your basic knowledge |

Comptia Security + Exam

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which of the following is the MAIN reason to require data labeling?






2. Which of the following may cause a user connected to a NAC-enabled network - to not be prompted for credentials?


3. Which of the following will educate employees about malicious attempts from an attacker to obtain bank account information?






4. Users in your company use a smart card and fingerprint scan to authenticate to the network. Which of the following authentication methods is used in your company?






5. For which of the following is centralized key management most complicated?






6. A technician needs to limit the wireless signal from reaching outside of a building. Which of the following actions should the technician take?






7. Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?






8. Which of the following are accomplished when a message is digitally signed?






9. Which of the following threats corresponds with an attacker targeting specific employees of a company?






10. Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?






11. The detection of a NOOP sled is an indication of which of the following attacks?






12. What principle requires that for a particular set of transactions - no one individual is solely responsible or allowed to execute the complete set?






13. A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which of the following?






14. The 64 bit block cipher with 16 iterations giving a 56 bit key is called?






15. Which of the following protocols is often used in combination with L2TP to add an additional layer of security?






16. The security administrator implemented privacy password protected screen savers - and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate?






17. A company needs to be able to prevent entry at all times - to a highly sensitive area inside a public building. In order to ensure the BEST type of physical security - which of the following should be implemented?






18. Which of the following is a reason to perform user awareness and training?






19. A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?






20. Which type of virus is able to alter its own code to avoid being detected by anti-virus software?






21. A visitor plugs their laptop into the network and receives a warning about their antivirus being out of-date along with various patches that are missing. The visitor is unable to access the Internet or any network resources. Which of the following is






22. Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer?






23. Which of the following attacks is BEST described as the interruption of network traffic accompanied by the insertion of malicious code?






24. Which of the following should NOT be used with username/password authentication?






25. The security administrator is getting reports from users that they are accessing certain websites and are unable to download anything off of those sites. The security administrator is also receiving several alarms from the IDS about suspicious traffi






26. Which of the following BEST describes the proper method and reason to implement port security?






27. Which of the following is a method to prevent ad-hoc configuration mistakes?






28. Which of the following malicious code will do its objectionable deed after a predetermined action takes place or at a specific time?






29. Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?






30. Which of the following is not an asymmetric system?






31. What principle dictates that a user is given no more privilege necessary than that required to preform his/her job?






32. What are typical elements of authentication as part of physical access controls?






33. A system administrator could have a user level account and an administrator account to prevent:...






34. Which of the following attacks is NOT aimed at fragmentation vulnerabilities of the IP stack?






35. Which of the following security threats does shredding mitigate?






36. Your company wants a new web server that can be accessed both by users on your internal network and by users on the Internet. You advice the company to locate the server behind the corporate firewall so it can enjoy similar protection as the internal






37. You need to advise a new wiring system for a company with several locations partly open to the public. A primary requirement is to make tapping into the network as difficult as possible. Which of the following cable types should you advice?






38. Which of the following MUST a programmer implement to prevent cross-site scripting?






39. A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability?






40. A security administrator wants to know which systems are more susceptible to an attack compared to other systems on the network. Which of the following assessment tools would be MOST effective?






41. Applying detailed instructions to manage the including allowing or denying traffic based on port - protocol - address - or direction is an implementation of which of the following?






42. Which of the following BEST describes an intrusion prevention system?






43. An attacker forces a Windows service that uses the Local System account as its service account to crash. The attacker is able to access administrator-level resources as a result. What kind of attack is this?






44. Based on logs from file servers remote access systems - and IDS - a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss - but the insider's lawyer insis






45. Which of the following is a technique designed to obtain information from a specific person?






46. Which of the following should be performed on a computer to protect the operating system from malicious software?






47. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?






48. A security administrator finished taking a forensic image of a computer's memory. Which of the following should the administrator do to ensure image integrity?






49. An application log shows that the text 'test; rm -rf /etc/passwd' was entered into an HTML form. Which of the following describes the type of attack that was attempted?






50. Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control which of the following data types will be unavailable for later investigation?