Test your basic knowledge |

Comptia Security + Exam

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Webmail is classified under which of the following cloud-based technologies?
Memory - network processes - and system processesserver. If the computer is powered off
Software as a Service (SaaS)
Principle of least privilege
Dumpster diving

2. Which of the following is used for exchanging secret keys over an insecure public network?
Mandatory vacations
Mantrap
The remote router has ICMP blocked.
Diffie-Hellman

3. A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?
Segmentation of each wireless user from other wireless users
EMI shielding
Forward to different RDP listening ports.
Add input validation to forms.

4. What port does the Domain Name Service (DNS) use by default?
Rogue access points
mitigation - acceptance - transference
53
SSH - SCP - and SFTP (the MOST secure method to transfer files from a host machine)

5. What principle requires that for a particular set of transactions - no one individual is solely responsible or allowed to execute the complete set?
HSM
Separation of duties
Privilege escalation
Tailgating

6. Which of the following is a security control that is lost when using cloud computing?
Mantrap
Baseline reporting
Physical control of the data
Provide an appropriate ambient temperature and Maintain appropriate humidity levels

7. Your daily bandwidth monitoring report of your Internet connection shows an excessive amount of outgoing traffic on port 25. You have seen peaks in the reports before but this report shows many peaks outside office times. What should you do?
1433
Symmetric Key
A worm is self-replicating
Check if relaying is denied for unauthorized domains

8. Which of the following environmental controls would BEST be used to regulate cooling within a datacenter?
content inspection.
Least privilege
Hot and cold aisles
MS-CHAP

9. A set of instructions normally implemented on a computer system as a procedure to manipulate data is called a(n)?
Information disclosure
It is used to provide data encryption for WAP connections.
1433
Algorithm

10. Which of the following is a management control type?
Off-site backup
VPN concentrator
Vulnerability scanning
WPA2

11. Due to sensitive data concerns a security administrator has enacted a policy preventing the use of flash drives. Additionally - which of the following can the administrator implement to reduce the risk of data leakage?
Confidentiality
CAC
Enact a policy banning users from bringing in personal music devices.
Clean desk policy

12. A critical system in the datacenter is not connected to a UPS. The security administrator has coordinated an authorized service interruption to resolve this issue. This is an example of which of the following?
Video surveillance
Fault tolerance
ICMP
MS-CHAP

13. The security administrator implemented privacy password protected screen savers - and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate?
Check if relaying is denied for unauthorized domains
Dumpster diving - Shoulder surfing
quantitative risk assessment
The development team is transferring data to test systems using SFTP and SCP.

14. A user reports that their 802.11n capable interface connects and disconnects frequently to an access point that was recently installed. The user has a Bluetooth enabled laptop. A company in the next building had their wireless network breached last m
It is used to provide data encryption for WAP connections.
25
The new access point was mis-configured and is interfering with another nearby access point.
Firewall rulesflow of network traffic at the edge of the network

15. An attacker forces a Windows service that uses the Local System account as its service account to crash. The attacker is able to access administrator-level resources as a result. What kind of attack is this?
DoS
The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.
Vulnerability scan
Privilege escalation

16. An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?
Virtual servers have the same information security requirements as physical servers.
Validate input to remove hypertext
Disable unused ports
A system that stops an attack in progress.

17. Which of the following authentication protocols utilizes the MD4 hashing algorithm?
Pharming - Logic bomb
Platform as a Service
MS-CHAP
Before and after the imaging process and then hash the forensic image

18. User in your department complain about a slow Internet connection. You monitor the external interface of your company's border router and notice a huge mount of half-open TCP connections. What type of attack is your company currently a victim of?
S/MIME PGP
TCP SYN flood attack
Chain of custody
Confidentiality - Availability

19. Network users whose computers are running Windows7 complain that the extra windows that appear when they browse the Internet are becoming a nuisance. You need to minimize how often these windows appear. What should you do?
Configure the IE popup blockers
Fiber optic
System A fails open. System B fails closed.
Fault tolerance

20. A security administrator working for a health insurance company needs to protect customer data by installing an HVAC system and a mantrap in the data center. Which of the following are being addressed?
Symmetric Key
Confidentiality - Availability
Power levels
Vulnerability scanning

21. Which of the following is MOST likely to be the last rule contained on any firewall?
Blind FTP
The server is missing the default gateway.
Implicit deny
Least privilege

22. Which of the following is the MAIN reason to require data labeling?
To minimize the organizational risk posed by users
se file servers attached to an NAS system.
To ensure that staff understands what data they are handling and processing
Vulnerability scanning

23. Which of the following describes the purpose of chain of custody as applied to forensic image retention?
Detective
To provide documentation as to who has handled the evidence
Location that meets power and connectivity requirementsdatacenter
Disable unused services - Update HIPS signatures

24. Which of the following MUST a programmer implement to prevent cross-site scripting?
VLAN segregation
DES
Validate input to remove hypertext
Man-in-the-middle

25. A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?
Location that meets power and connectivity requirementsdatacenter
se file servers attached to an NAS system.
The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.
Mandatory vacation

26. Upon investigation an administrator finds a suspicious system-level kernel module which modifies file system operations. This is an example of which of the following?
Rootkit
MD5
BIOS
Social Engineering attack

27. An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?
Integrity and Authentication
extremely slow and numerous antivirus alerts
SYN attacks
1433

28. A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which of the following?
VLAN segregation
Business impact analysis
Whaling
Dumpster diving - Shoulder surfing

29. A security firm has been engaged to assess a software application. A production-like test environment login details - production documentation and source code have been provided. Which of the following types of testing is being described?
White box
User rights
Dumpster diving - Shoulder surfing
Data Encryption Standard (DES)

30. A user receives an automated call which appears to be from their bank. The automated recording provides details about the bank's privacy policy security policy and requests that the user clearly state their name - birthday and enter the banking detai
PEAP-TLS
Before and after the imaging process and then hash the forensic image
Physical control of the data
Vishing

31. With which of the following is RAID MOST concerned?
Physical control of the data
Availability
Run the image through SHA256. Answer: D
MAC

32. While browsing the Internet an administrator notices their browser behaves erratically - appears to download something - and then crashes. Upon restarting the PC - the administrator notices performance is extremely slow and there are hundreds of outb
A worm is self-replicating
SSH - SCP - and SFTP (the MOST secure method to transfer files from a host machine)
Minimize risk of physical data theft. - Minimize the impact of the failure of any one file server.
The PC has become part of a botnet.

33. What are typical elements of authentication as part of physical access controls?
TPM
ID badges
Confidentiality - Availability
Initial vector

34. What fire suppression method should be used to extinguish an electrical fire in one of the racks in the server room?
Birthday - Full name
Protocol analyzer
Vulnerability scan
Gas

35. You are designing a Web-based application. You design the application so that it runs under a security context that allows only those privileges required for the application to run to minimize risk in the event of an attack. This is an example of whi
Rogue access point
Implement a change management strategy
Minimize risk of physical data theft. - Minimize the impact of the failure of any one file server.
Principle of least privilege

36. Which of the following is the primary difference between a virus and a worm?
Multi-factor authentication.
SNMP (also use to monitor the parameters of network devices)
A worm is self-replicating
Gas

37. Which of the following describes a passive attempt to identify weaknesses?
22
Vulnerability scanning
User rights
ARP poisoning

38. A network consists of various remote sites that connect back to two main locations. The security administrator needs to block TELNET access into the network. Which of the following by default - would be the BEST choice to accomplish this goal?
Rogue access points
Block port 23 on the network firewall.
ACLs
Network Access Control

39. Recovery Point Objectives and Recovery Time Objectives directly relate to which of the following BCP concepts?
Buffer overflow
Security guard - Proximity reader
Business impact analysis
The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.

40. A security administrator is tasked with revoking the access of a terminated employee. Which of the following account policies MUST be enacted to ensure the employee no longer has access to the network?
Man-in-the-middle
ID badges
By masking the IP address of internal computers from the Internet
Account disablement

41. Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?
SSH
War driving
Cross-site scripting
Clustering

42. Which of the following assists in identifying if a system was properly handled during transport?
Decrease the power levels on the WAP
Fiber optic
Chain of custody
Diffie-Hellman

43. You are performing risk assessment for an organization. What should you do during impact assessment?
Determine the potential monetary costs related to a threat
Symmetric
By masking the IP address of internal computers from the Internet
MAC filtering

44. You are looking for ways to protect data on a network. Your solution should: Provide for easy backup of all user data.
VLAN segregation
Integrity and Authentication
Minimize risk of physical data theft. - Minimize the impact of the failure of any one file server.
content inspection.

45. Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?
SSH
Clean desk policy
Spear phishing
TLS

46. How does a NAT server help protect your network?
Asymmetric and Hashing
War driving
By masking the IP address of internal computers from the Internet
A system that stops an attack in progress.

47. What key is used to encrypt an HTTPS session?
Symmetric
The web site's public key.
Humidity
Vulnerability scan

48. The server log shows 25 SSH login sessions it is a large company and the administrator does not know if this is normal behavior or if the network is under attack. Where should the administrator look to determine if this is normal behavior?
Video surveillance
The PC has become part of a botnet.
Decrease the power levels on the WAP
Baseline reporting

49. You detected an intrusion and are taking the necessary steps to preserve the evidence. You want to make sure the evidence will be admissible in a court of law. What should you do?
Privilege escalation
Ensure a proper chain of custody
Spear phishing
Virtual servers have the same information security requirements as physical servers.

50. Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?
IPSec
Off-site backup
Black hat
IDS

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Major Subjects
Tests & Exams AP CLEP DSST GRE SAT GMAT	Certifications CISSP go to https://www.isc2.org/ PMP ITIL RHCE MCTS More...	IT Skills Android Programming Data Modeling Objective C Programming Basic Python Programming Adobe Illustrator More...	Business Skills Advertising Techniques Business Accounting Basics Business Strategy Human Resource Management Marketing Basics More...
Soft Skills Body Language People Skills Public Speaking Persuasion Job Hunting And Resumes More...	Vocabulary GRE Vocab SAT Vocab TOEFL Essential Vocab Basic English Words For All Global Words You Should Know Business English More...	Languages AP German Vocab AP Latin Vocab SAT Subject Test: French Italian Survival Norwegian Survival More...	Engineering Audio Engineering Computer Science Engineering Aerospace Engineering Chemical Engineering Structural Engineering More...
Health Sciences Basic Nursing Skills Health Science Language Fundamentals Veterinary Technology Medical Language Cardiology Clinical Surgery More...	English Grammar Fundamentals Literary And Rhetorical Vocab Elements Of Style Vocab Introduction To English Major Complete Advanced Sentences Literature Homonyms More...	Math Algebra Formulas Basic Arithmetic: Measurements Metric Conversions Geometric Properties Important Math Facts Number Sense Vocab Business Math More...	Other Major Subjects Science Economics History Law Performing-arts Cooking Logic & Reasoning Trivia

Test your basic knowledge |

Comptia Security + Exam

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests

Major Subjects

Tests & Exams

Certifications

IT Skills

Business Skills

Soft Skills

Vocabulary

Languages

Engineering

Health Sciences

English

Math

Other Major Subjects

Browse all subjects

Browse all tests

Most popular tests