SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security + Exam
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which environmental control is part of TEMPEST compliance?
TPM
Hierarchical list of critical systems
DES
Shielding
2. How does a NAT server help protect your network?
Mandatory vacation
MS-CHAP
Minimize risk of physical data theft. - Minimize the impact of the failure of any one file server.
By masking the IP address of internal computers from the Internet
3. A company that purchases insurance to reduce risk is an example of which of the following?
CCTV
Command injection
Risk transference
Asymmetric and Hashing
4. Your daily bandwidth monitoring report of your Internet connection shows an excessive amount of outgoing traffic on port 25. You have seen peaks in the reports before but this report shows many peaks outside office times. What should you do?
Virtual servers have the same information security requirements as physical servers.
ID badges
Check if relaying is denied for unauthorized domains
Gas
5. What can you prevent when you deploy wireless devices inside a TEMPEST-certified building?
War driving
Hierarchical list of critical systems
signing of a user agreement.
Content filtering
6. A user reports that their 802.11n capable interface connects and disconnects frequently to an access point that was recently installed. The user has a Bluetooth enabled laptop. A company in the next building had their wireless network breached last m
Software as a Service
The new access point was mis-configured and is interfering with another nearby access point.
Fraud
Multi-factor authentication.
7. Due to sensitive data concerns a security administrator has enacted a policy preventing the use of flash drives. Additionally - which of the following can the administrator implement to reduce the risk of data leakage?
Blind FTP
Enact a policy banning users from bringing in personal music devices.
Location that meets power and connectivity requirementsdatacenter
Baseline reporting
8. A security administrator needs to implement a site-to-site VPN tunnel between the main office and a remote branch. Which of the following protocols should be used for the tunnel?
Shoulder surfing
Mandatory vacation
IPSec
War driving
9. A system administrator could have a user level account and an administrator account to prevent:...
Rogue access points
User rights and permissions reviews
escalation of privileges.
Baseline reporting
10. Which of the following is MOST relevant to a buffer overflow attack?
BIOS
NOOP instructions
The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.
Add input validation to forms.
11. A visitor plugs their laptop into the network and receives a warning about their antivirus being out of-date along with various patches that are missing. The visitor is unable to access the Internet or any network resources. Which of the following is
Ensure a proper chain of custody
Provide an appropriate ambient temperature and Maintain appropriate humidity levels
The web site's public key.
The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.
12. A security engineer is troubleshooting a server which cannot be reached from the Internet or the internal network. All other servers on the DMZ are able to communicate with this server. Which of the following is the MOST likely cause?
Visibility - Accessibility - Neighborhood crime rate
Symmetric Key
To ensure that staff understands what data they are handling and processing
The server is missing the default gateway.
13. A user receives an automated call which appears to be from their bank. The automated recording provides details about the bank's privacy policy security policy and requests that the user clearly state their name - birthday and enter the banking detai
Location that meets power and connectivity requirementsdatacenter
Vishing
To provide documentation as to who has handled the evidence
Implement a change management strategy
14. What is the advantage of using application virtualization?
DNS spoofing
VLAN
Account disablement
Lets you minimize the attack surface relating to the application
15. Which of the following malicious code will do its objectionable deed after a predetermined action takes place or at a specific time?
Separation of duties
Logic Bomb
Social Engineering attack
Add input validation to forms.
16. Which of the following would provide the MOST reliable proof that a data center was accessed at a certain time of day?
War driving
DoS
Video surveillance
Risk assessmentproduct Answer: D
17. Which of the following should NOT be used with username/password authentication?
Social Engineering attack
Cognitive passwords
Business impact analysis
Visibility - Accessibility - Neighborhood crime rate
18. Which of the following facilitates computing for heavily utilized systems and networks?
Location that meets power and connectivity requirementsdatacenter
Determine the potential monetary costs related to a threat
Provider cloud
Trojans
19. A security administrator is tasked with revoking the access of a terminated employee. Which of the following account policies MUST be enacted to ensure the employee no longer has access to the network?
Account disablement
25
Fraud
AES and TKIP
20. A bulk update process fails and writes incorrect data throughout the database. Which of the following concepts describes what has been compromised?
Block port 23 on the network firewall.
Social Engineering attack
Integrity
MAC
21. Performing routine security audits is a form of which of the following controls?
Detective
Evil twin
Clustering
Command injection
22. Which of the following is used when performing a qualitative risk analysis?
War driving
Judgment
VPN concentrator
Memory - network processes - and system processesserver. If the computer is powered off
23. Which of the following concepts ensures that the data is only viewable to authorized users?
Multi-factor authentication.
IPSec
Confidentiality
To ensure that staff understands what data they are handling and processing
24. In which of the following locations would a forensic analyst look to find a hooked process?
Privilege escalation
BIOS
Run the image through SHA256. Answer: D
Confidentiality - Availability
25. Several staff members working in a datacenter have reported instances of tailgating. Which of the following could be implemented to prevent this security concern?
Mantraps
By masking the IP address of internal computers from the Internet
Run the image through SHA256. Answer: D
The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.
26. What principle requires that for a particular set of transactions - no one individual is solely responsible or allowed to execute the complete set?
Dumpster diving
Segmentation of each wireless user from other wireless users
Separation of duties
Algorithm
27. Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?
NOOP instructions
WPA Enterprise
Power levels
Baseline reporting
28. Webmail is classified under which of the following cloud-based technologies?
Black hat
Dumpster diving - Shoulder surfing
MAC
Software as a Service (SaaS)
29. You are designing a secure application environment. You need to ensure that data is kept as secure as possible. You need to select the strictest access control model. What access control model should you use?
MAC
Multi-factor authentication.
Rootkit
Buffer overflow
30. Separating of duties is valuable in deterring?
Fraud
DMZ
Tailgating
System A fails open. System B fails closed.
31. Which of the following assists in identifying if a system was properly handled during transport?
Spear phishing
Network Access Control
Chain of custody
DES
32. A rogue access point with the same SSID as the production wireless network is found. Which of the following BEST describes this attack?
Evil twin
User rights and permissions reviews
signing of a user agreement.
Diffie-Hellman
33. Which of the following describes a passive attempt to identify weaknesses?
Vulnerability scanning
CCTV
Confidentiality - Availability
Configure the IE popup blockers
34. Which of the following environmental variables reduces the potential for static discharges?
Humidity
IPSec
Block port 23 on the network firewall.
To minimize the organizational risk posed by users
35. Which of the following is true concerning email message encryption by using S/MIME?
Hot and cold aisles
Only the message data is encrypted
Clean desk policy
Cross-site scripting
36. Your organization has an existing server and you want to add a hardware device to provide encryption capabilities. What is the easiest way to accomplish this?
Vishing
Asset value
HSM
TPM
37. Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?
War driving
Firewall rulesflow of network traffic at the edge of the network
DNS spoofing
Asymmetric and Hashing
38. Your organization recently purchased several new laptop computers for employees. You're asked to encrypt the laptop's hard drives without purchasing any additional hardware. What would you use?
DoS
TPM
MAC
Organize data based on severity and asset value.
39. What asymmetric key is used to decrypt when using HTTPS?
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
40. What types of encryption are used for adding a digital signature to a message?
Asymmetric and Hashing
Minimize risk of physical data theft. - Minimize the impact of the failure of any one file server.
Off-site backup
Block port 23 on the network firewall.
41. A set of instructions normally implemented on a computer system as a procedure to manipulate data is called a(n)?
Algorithm
Spam filters
Virtual servers have the same information security requirements as physical servers.
Business impact analysis
42. Which of the following risks may result from improper use of social networking and P2P software?
smurf attacks
Mandatory vacation
Spam filters
Information disclosure
43. Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer?
AC filtering - Disabled SSID broadcast
Power levels
Off-site backup
IKE
44. Which of the following port numbers is used for SCP by default?
22
extremely slow and numerous antivirus alerts
HSM
IDEA and TripleDes
45. Which of the following is MOST likely to be the last rule contained on any firewall?
Security guard - Proximity reader
Implicit deny
Asset value
Birthday - Full name
46. Which of the following includes a photo and can be used for identification?
Multi-factor authentication.
CAC
Spear phishing
Least privilege
47. Which of the following is used for exchanging secret keys over an insecure public network?
Risk transference
Pharming - Logic bomb
Only the message data is encrypted
Diffie-Hellman
48. Which solution should you use?
se file servers attached to an NAS system.
MAC address
A worm is self-replicating
Birthday - Full name
49. On-going annual awareness security training should be coupled with:..
Software as a Service
signing of a user agreement.
Buffer overflow
Evil twin
50. An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?
SSL
escalation of privileges.
Rootkit
1433
